Tuesday, January 31, 2017

CMS Recommendations to Providers on Cyber Security



On January 13, 2017, the Centers for Medicare and Medicaid Services (CMS) reminded providers and suppliers to keep current with best practices regarding mitigation of cyber security attacks. CMS outlined resources to assist facilities in their reviews of their cyber security and IT programs. In the CMS memo, the Agency recommends “ that facility leadership review current policies and procedures to ensure adequate plans are in place in the event of an attack.” The memo goes on to include that “while the new Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers regulation does not specifically address elements of cyber-security, the regulation requires providers and suppliers to have an emergency plan and risk assessment based on an ‘all-hazards’ approach. An all-hazards approach is an integrated approach to emergency preparedness planning that focuses on capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters. CMS encourages providers to consider cyber-security as an element in the development of their emergency plans, risk assessments, and annual training exercises. While not a requirement, facilities may consider adding cyber security protocols to their policies and procedures.” The full CMS memo can be found here


As you may know, the new emergency preparedness final rule impacts Skilled Nursing Facilities, Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities. This final rule is not applicable to Assisted Living Providers. The rule was released on Friday, September 16, 2016, and can be found here. Providers will need to be in compliance by November 2017. AHCA is doing educational webinars and events around the final rule throughout this year, including a 4-part webinar series.    

No comments:

Post a Comment