HICP Compliance Software
With ComplyAssistant's HICP compliance software, you can protect your organization against the top five threats identified by HICP by implementing ten recognized security practices.
"ComplyAssistant’s cloud-based software solution allowed us to efficiently and effectively manage the entire compliance process, from assessment development and distribution through management of action items." --CIO, Cape Regional Health System
Software that manages cybersecurity threats and patient safety, all in one platform
In May 2017, Health and Human Services (HHS) formed the section 405(d) task group to focus on the five most prevalent cybersecurity threats that organizations of varying sizes and backgrounds face today. As part of this work, the task group developed ten recognized security practices (RSPs), or controls, to create a safer, more compliant IT infrastructure and to help healthcare organizations (small, medium, and large) reduce cybersecurity risks.
The new health industry cybersecurity practices rule (HICP) requires that when calculating fines, evaluating audits, or reviewing proposed mitigation steps, HHS consider whether covered entities and business associates adequately demonstrated that they had RSPs in place for at least 12 months.
By documenting and demonstrating evidence of compliance for 12 months, covered entities and business associates could receive:
- Mitigated HIPAA fines
- Favorable and early termination of the HIPAA Audit
- Mitigated remedies in a HIPAA resolution agreement with HHS
Cyberattack Protection with HICP Risk Register Tool E-Book
This e-book serves as an introduction to HICP Compliance and how a GRC software risk register tool can help you manage it.
HICP Compliance No Matter the Threat
HICP breaks out risks for organizations into five threats:
- E-mail phishing attacks
- Ransomware attacks
- Connected medical device attacks that may affect patient safety
- Loss or theft of equipment or data
- Insider, accidental, or intentional data loss
Filter the Threat
With ComplyAssistant’s HICP Risk Register tool, a user selects one of the five threats and places it on the Risk Register to evaluate it accordingly. The platform then filters the threat through custom settings and capabilities, such as likelihood and impact.
Control the Threat
From there, users can assign controls to various threats to mitigate the risk of the threat occurring. These controls are best practices designed by the Section 405(d) taskforce and based on a set of voluntary, consensus-based principles and practices to improve cybersecurity in the healthcare sector.