How New Laws Impact Your Security Plan

The Cybersecurity and Infrastructure Security Agency (CISA) is a government organization that leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Their vision is a secure and resilient critical infrastructure for the American people. 

For the average practice, CISA might not be on your radar. How does CISA impact you?

Recently, the Senate passed a 2,700-page, $1.5 trillion omnibus containing all 12 fiscal 2022 spending bills. Inside that spending bill is a mandatory reporting requirement for victims of cyberattacks. It requires owners and operators to report significant hacks to CISA within 72 hours, and ransomware payments within 24 hours.

This may be the latest change to affect your business, but it certainly isn’t the only one, and it won’t be the last. 

HIPAA has undergone significant changes since its inception. The 2020 CARES Act, the 2021 HIPAA Safe Harbor Law, and others all impact the way you operate your business. The newest proposed regulations could significantly change your business practices, and include rules that would:

  • Allow patients to inspect their PHI in person and take notes or photographs. 
  • Allow individuals to request their PHI be transferred to a personal health application. 
  • Require an entity to post estimated fee schedules on their websites for PHI access and disclosures.

These are just a select few requirements that very soon could be in place. 

Do you know when and how these new regulations are introduced? 

And more importantly, how will you implement them in your business?

Given that extensive regulation can change your business environment each year, it’s crucial to have a strategy in place to ensure you’re up to date. Here are a few suggestions for staying on top of changing requirements, and ensuring you remain in compliance. 

Make it a habit to check sites for updated rules

It’s important to follow news sources that alert you to potential changes that may impact the way you do business. That includes resources that provide guidance at all levels of government, including changes to HIPAA rules.

Join trade groups and associations

Certain groups and associations will often do some of the legwork for you. By joining, you’ll receive updates and newsletters alerting you to potential changes, and even providing ways to implement them into your business. 

Stay up to date with your training

Conferences and training through your local community and industry will often alert you to new concepts and ideas. You can use them to schedule changes within your own business model. 

Designate a compliance officer

Instead of leaving this to chance, it might benefit you to assign the duties to one individual. Ensure this person has the knowledge and resources to dig deep and stay current on the regulatory changes that affect your practice.

Outsource with an expert

Instead of bringing this task in-house, it may benefit you to partner with a security team who will do the legwork for you. They watch for compliance issues and ensure your infrastructure is set up to handle the change. 

No matter which methods you choose, it ultimately comes down to you. Your practice must stay in compliance with everything coming down the pipeline. Do you have the resources to ensure you meet the demands? 

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.