June 7, 2023

Volume XIII, Number 158


HHS Releases Cybersecurity Guide

The US Department of Health and Human Services recently updated its guide to help the private and public health care sectors develop cybersecurity protocols that address NIST’s Framework for Improving Critical Infrastructure Cybersecurity. The guide is a toolkit, with information and resources intended to help companies implement cybersecurity programs in the health care space. While the aim of this guidance is to help companies implement NIST’s protocols for protecting US critical infrastructure, the recommendations contained in the guide mirror other agencies’ security recommendations (for example, those we have written about from the Department of Labor and the FDA).

Included in the guide are recommendations on implementing NIST’s seven-step cybersecurity framework (prioritize – orient – create a current profile – risk assessment – target profile – gap identification – action plan). Within the guide are items specific to health care providers, including conducting an enterprise-wide inventory of the creation, reception, maintenance, and transmission of electronic protected health information (ePHI) and performing a business impact analysis on systems that create, receive, maintain, and transmit ePHI. The guide also contains information about external resources available to assist in cybersecurity efforts (with a list of many tools developed for the health care industry, like the Health Care and Public Health Risk Identification and Site Criticality Toolkit).

Putting it into practice: While this guide is intended as a resource rather than a compliance roadmap, it is a reminder that HHS is increasing its focus on cybersecurity.

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume XIII, Number 88

About this Author


Charles Glover is an associate in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Charles' practice focuses on breach response, data privacy law, and intellectual property disputes. His representations cover a variety of clients, including national banks, domestic airlines, and entertainment companies.

Charles’ solutions-oriented focus and diverse experience allow him to develop and implement dynamic strategies tailored to meet his clients’ needs. He has helped clients of all sizes and stages...


Kari M. Rollins is a partner in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Ms. Rollins focuses her practice on privacy and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, food services, retail, and fashion industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums....