New Offering Enables Healthcare Organizations to Demonstrate HICP Coverage and Address OCR Standards for Consideration During Enforcement Actions
Boston, MA and Miami, FL – VIVE 2022 Conference – March 7, 2022 – Censinet, a leading provider of risk management solutions for healthcare, today announced Censinet RiskOps for HICP, the industry’s first and only enterprise risk management solution built for Health Industry Cybersecurity Practices (HICP). Offered as a standalone solution or integrated with the Censinet RiskOps Third-Party Risk Management platform, Censinet RiskOps for HICP streamlines and automates the Health Industry Cybersecurity Practices into an easy-to-use and powerful workflow and reporting solution. With Censinet RiskOps for HICP, healthcare organizations gain visibility into their current cybersecurity risk posture, affording business, GRC, and IT leaders a clear picture of their HICP coverage while spelling out the specific actions required to improve their cybersecurity risk posture to ensure patient safety and safeguard protected health information (PHI) and systems.
“Today’s launch of Censinet RiskOps for HICP revolutionizes how the healthcare industry protects patient care by effectively integrating cybersecurity best practices and enterprise risk management,” stated Ed Gaudet, CEO and Founder of Censinet. “Alternative security and risk frameworks have historically been expensive, difficult, and time-consuming to implement for most healthcare providers. Censinet RiskOps for HICP enables physician practices, hospitals, and large, integrated health networks to affordably prove they are doing the right thing to improve their overall cyber posture.”
The publication of the HHS 405(d) Health Industry Cybersecurity Practices (HICP) in 2019 outlined a healthcare-specific approach to cybersecurity. Created in partnership with public and private organizations across the healthcare industry, HICP provides “practical, understandable, implementable, industry-led, and consensus-based voluntary cybersecurity guidelines to cost-effectively reduce cybersecurity risks” for “health care organizations of varying sizes.” To achieve this, HICP focuses on the five most prevalent cybersecurity threats and ten cybersecurity practices that address those threats. Recent laws and regulations, such as the update to the Health Information Technology for Economic and Clinical Health Act (HITECH), instruct OCR to consider implementing these recognized cyber security practices during enforcement actions in the case of breaches. If certain recognized security practices such as HICP can be demonstrated to have been adopted for at least 12 months, it can lead to mitigated fines, early, favorable termination of audits, and mitigated remedies in settlement agreements.
“The Health Sector Coordinating Council established HICP to reduce cybersecurity risk cost-effectively, support organizational adoption, and deliver actionable guidance for protecting patient safety and data,” said Erik Decker, Chief Information Security Officer at Intermountain Healthcare, Co-Lead of the 405(d) Task Group, and Chair of the Healthcare and Public Health Sector Coordinating Council Cyber Security Working Group. “A solution such as Censinet gives healthcare providers the means to easily and effectively support the creation and management of HICP, resulting in a more protected healthcare system.”
Censinet RiskOps for HICP delivers assessment workflows that guide healthcare organizations through an internal audit that maps directly to the 405(d) HICP documentation. It automatically generates a report for your board or HHS that demonstrates your cyber posture. Key capabilities include:
- HICP-based questionnaires aligned to organization size
- Automated generation and tracking of findings and remediations
- Peer benchmarking
- Forecasts projecting future risk coverage based on identified corrective actions completion
- Evidence uploading to demonstrate best practice adoption
- Report generation for Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and insurance
- Assessment segmentation for evaluating regional or practice area risk exposure
- Custom scheduling of assessments and reassessment to match organizational requirements
- Scoping assessments to address unique organizational structure
- Importation of previous assessments for establishing a single repository
- Executive dashboard that reports on overall cyber posture
Censinet RiskOps for HICP is available now, and the Company will be demonstrating these new platform capabilities in the ViVE Cybersecurity Pavilion at Booth 1012-16. Censinet executives and healthcare risk professionals will be there to answer questions on HICP, its integration into Censinet RiskOps, and how any healthcare organization can get started.
For more information on how healthcare organizations can reduce and avoid the impact of risk, please visit censinet.com/HICP. To learn more about HICP and Censinet RiskOps for HICP, please join us for a webinar with industry leaders as they discuss HICP and how to effectively implement it: March 30, 2022: censinet.com/HICP-webinar.
Censinet, based in Boston, MA, enables healthcare organizations to take the risk out of their business with Censinet RiskOps, the first and only cloud-based exchange that integrates and consolidates enterprise risk management and operations capabilities across critical clinical and business areas. RiskOps builds upon the Company’s foundational success with third-party risk management (TPRM) for healthcare. Censinet transforms healthcare risk by increasing productivity and operational effectiveness while eliminating risks to care delivery, data privacy, and patient safety. Find out more about Censinet and its RiskOps platform at censinet.com.
Rob Ciampa Adam Benson
(617) 286-6785 (202) 999-9014