Printer Friendly, PDF & Email

Federally Qualified Health Center: Improve cybersecurity with a hiccup!

Rich Curtiss ( is a Principal, Healthcare Risk Assurance Services, at Coalfire in Alpharetta, GA.

Last December, the Department of Health and Human Services (HHS) released the publication “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (HICP)[1] Lightheartedly, the HICP is referred to as the “hiccup” (the federal government is fond of converting abbreviations and acronyms into pronounceable names). The HICP is designed to help healthcare organizations of all sizes identify threats and potential mitigation strategies and provide healthcare-specific cybersecurity best practices. So, what relevance does this have for a Federally Qualified Health Center (FQHC)? HHS describes the significance of this publication and effort as follows:

The industry-led effort was in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. It was the result of a true public-private partnership to better secure the nation’s health systems.[2]

This document is only available to members. Please log in or become a member.