HICP discussion medical device Today we share part 2 of our Erik Decker HICP discussion.  Learn about more free planning and management tools for small and medium organizations in today’s HICP discussion. The 405(d) Task Group has more work to do so learn ways you can help spread the word about using these tools to improve healthcare cybersecurity.  We even ask how we can all help promote cybersecurity awareness and HICP to improve the healthcare cybersecurity.

Erik Decker HICPErik Decker, Chief Security and Privacy Officer, University of Chicago School of Medicine joined us to discuss the reception of HICP along with its development and where it goes next.  Today is part 2 of that HICP discussion with even more information and ideas.

At the NIST/OCR conference you guys mentioned the release of HIC-SCRiM.  In the opening it says “The JCWG Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide as a tool particularly targeted at smaller to mid-sized health organizations.”  We haven’t had an opportunity to spend a great deal of time reviewing it just yet but we are excited to see another tool aimed for SMB groups.  It does work from the NIST CSF which we also include in our recommendations and tools as often as possible.

We will dig deeper into HIC-SCiM and do an episode on it soon for all our listeners to reference.  Since we had you just wanted to throw in a quick question.  We know it isn’t your working specific working group but I found it particularly interesting that there is a template contract in the appendix that references the HICP 10 practices and sub practices as expectations for vendors to meet.

This episode includes a lot of discussion outside our normal show notes process.  We just started talking with Erick and had about three or four things to make sure we covered.  Once we started talking the HICP discussions just had a life of their own!  Instead of reading the details here you really should listen to this episode.  At some point we may have detailed transcripts available but, for now, listen in for the real details.

Help Spread the HICP Word

If you haven’t looked into it yet, download the documents and give it a go.  There are plenty of ways all of us can use this information.  The best part is there will be more coming out in 2020.

Has HICP helped you in some way?  Tell your story to the team and help them spread the word.  Want to host a HICP discussion with your organization?  Have questions about HICP?  Contact the team at cisa405d@hhs.gov.

Got questions you want us to cover on the podcast about anything in our HICP discussion?  Contact Us and let us know.

Resources we mentioned in our Erik Decker HICP discussion

To contact the task force directly email them cisa405d@hhs.gov

Cybersecurity Act of 2015 Section 405(d) Task Group

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM)