AMA, HITRUST partner to improve cybersecurity in vulnerable physician practices

Small medical practices, which often lack the resources of larger organizations, will get some help to improve their cybersecurity posture and protect patient information.

HITRUST and the American Medical Association announced they are partnering to provide education on cyber risk management with workshops planned around the country to educate physicians and practice staff on cyber assessments, preparedness and response.

The two-hour workshops will provide education on key areas of risk management, HIPAA compliance and cybersecurity targeted to small practices. The workshops will be held at various locations around the country in conjunction with HITRUST’s Community Extension Program.

The first workshop, hosted by Children’s Health in Dallas, will be held October 9. More information on dates and locations will be posted on the HITRUST web site.

Two recent global ransomware attacks, including the WannaCry attack in May to the United Kingdom’s hospital system, highlighted the potential dangers of network disruptions in the healthcare environment and cybersecurity experts have warned that subsequent attacks could have a much more devastating impact on patient safety.

“Trying to determine the best way to secure my practice from cyberthreats was a significant—and at times, overwhelming—undertaking,” J. Stefan Walker, M.D., a physician in a small practice in Corpus Christi, Texas, said in the announcement. Many education programs are geared toward larger healthcare organizations and are not practical for a practice with only a handful of employees, he said.

A report released by the HHS Cybersecurity Task Force in June indicated that a "severe" cybersecurity workforce shortage and a lack of resources available to small and medium-sized providers were among the biggest risks facing the industry. 

The workshops will cover topics, including:

  • How to perform cyber and HIPAA risk assessments.
  • Fundamentals of good cyber hygiene.
  • How to implement cost-effective and manageable cybersecurity solutions within a practice.
  • Lessons learned from other physician practices.

Children’s Health has used the program developed by HITRUST in over 50 of its associated physician practices and has had no undetected and unmitigated cyber events, according to Pamela Avora, the organization's CIO.