Lexology April 4, 2024
Mintz

As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then recently proposed in the FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.

The HPH CPGs are divided into “essential” goals, which are intended to serve as baseline standards for organizations, and “enhanced” goals meant to promote more sophisticated practices. HHS used the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Cross-Sector CPGs released in March 2023 as well as other industry cybersecurity frameworks to develop the HPH CPGs:

Essential Goals:

  • Mitigate Known Vulnerabilities;
  • Email Security;
    • ...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, Technology
Related Articles:
New York’s 1332 Waiver Extends Affordable Coverage to Additional Groups
HHS Finalizes Antidiscrimination Rules On Patient Care Decision Tools, Including AI
Medical research is changing, data privacy laws have not
J&J,, BMS set to appeal losses in IRA drug pricing lawsuits
Senators probe cyber agency's role in Change hack

Share This Article