Analysis: Permitting Cybersecurity Donations to Physicians
Attorney Julie Kass Discusses New Regulatory Provisions
New regulatory provisions that allow healthcare systems to make donations of cybersecurity technology and services to physician practices could help greatly bolster security in the sector, says attorney Julie Kass of the law firm Baker Donelson.
In November, the Department of Health and Human Services' Centers for Medicare and Medicaid Services and the HHS Office of Inspector General issued final rules modifying so-called Stark Law and federal anti-kickback regulations (see: HHS Rule Changes Allow for Cybersecurity Donations).
The new safe harbors allow hospitals, healthcare delivery systems and others to provide physician practices and other less-resourced healthcare providers with free cybersecurity technologies, such as hardware and software, as well as services.
"In a system where we're trying to combine health information and make records interoperable - and have everybody share in the data of patients - if a cybersecurity attack happens in a doctor's office, it can have equal effects on a hospital or another part of our healthcare system, like a nursing home," she says in an interview with Information Security Media Group.
"As we get more interrelated in our data ... it's important that the whole system and the structure really be protected."
In this interview, Kass also discusses:
- Who can donate cybersecurity technology and services and who can accept the donations;
- Potential mistakes that entities making or accepting cybersecurity donations should avoid;
- Other important privacy and security regulatory issues to monitor in the year ahead.
Kass is a regulatory attorney at law firm Baker Donelson's health law group, with a practice that encompasses a range of services. She has experience related to the fraud and abuse aspects of Medicare and Medicaid, including the Stark and anti-kickback laws.