Two hot-topic developments in cybersecurity and government procurement.
Since Physicians Practice® has a wide breadth of readers, which include physicians that are owners in companies that participate in U.S. Government procurement processes with various government agencies, I wanted to provide an overview of some key terms and standards, as well as share some take-aways, which relate back to healthcare providers.
But, first, there are two recent cybersecurity items which deserve attention. The FBI and CISA issued a Joint Cybersecurity Advisory to warn of “a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States. The threat actor conducts mass- scanning and uses tools, such as Nmap, to identify open ports.” Given the increase in cyberattacks during COVID-19, as well as the increase in telecommuting and telehealth, which were rapidly deployed, it is critical for covered entities, business associates, and subcontractors to conduct their annual risk analyses.
Another item is the House passing the Internet of Things (IoT) Cybersecurity Improvement Act, which was initially introduced in the Senate in 2017 and reintroduced in 2019. The bill received bi-partisan support to improve “the cybersecurity of Internet-connected devices by requiring that devices purchased by the U.S. government meet minimum-security requirements.” If adopted, the bill would require the following:
Many of these requirements are similar to other areas of procurement. First and foremost, the National Institutes for Standards and Technology (“NIST”) requirements must be met. This makes sense because the U.S. Government has these compulsory requirements internally. In order to mitigate the risk of hiring a vendor with inadequate technical, administrative, and physical safeguards, the Government uses NIST as a foundation.
NIST is also incorporated into a variety of laws including, but not limited to the following:
What can physicians, covered entities, and business associates take-away from the government procurement process? First, NIST standards should be incorporated into an entity’s annual HIPAA risk analysis and related policies and procedures. Second, providers contract with the Centers for Medicare and Medicaid Services to participate in Medicare, Medicaid, and TRICARE–read the provider agreement, as well as the attestation portion of the CMS and TRICARE claim forms. Lastly (and it should really go without saying), be truthful when submitting any document to the government, especially when payment is involved.
Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.
Asset Protection and Financial Planning
December 6th 2021Asset protection attorney and regular Physicians Practice contributor Ike Devji and Anthony Williams, an investment advisor representative and the founder and president of Mosaic Financial Associates, discuss the impact of COVID-19 on high-earner assets and financial planning, impending tax changes, common asset protection and wealth preservation mistakes high earners make, and more.
How AI billing delivers precision, compliance, and savings
November 26th 2024For healthcare providers, executives, and decision-makers, embracing AI in claims processing is not just a step toward improved financial outcomes—it’s an ethical commitment to better care and a more patient-centered approach to service delivery.
How to reduce surprise billing in your practice
November 15th 2021Physicians Practice® spoke with Kristina Hutson, a product line developer at Availity, about surprise billing events in independent healthcare practices and what owners and administrators can do to reduce the likelihood of their occurrence.