CMS nursing home cyber security recommendations

In a January 13, 2017 S&C memo, “Recommendations to Providers Regarding Cyber Security,” CMS provides resources for nursing homes and other providers to assist with reviewing their cyber security programs. A review of cybersecurity policies and procedures is recommended by the Agency as part of the “all hazards approach” to emergency preparedness, but is not a required component of a facility’s written plan.

Does that mean cyber security attacks couldn’t affect your nursing facility? Savvy providers will gather their leadership teams and ensure that their IT policies and procedures are adequate in the event of this type of emergency. CMS notes that there are a multitude of potential adverse outcomes if your facility experiences a cyberattack, including:

  • Disruptions to patient care including missing information/orders
  • Potential compromise of PHI/PII
  • Loss of electronic health records or computer-based systems

CMS “encourages providers to consider cyber-security as an element in the development of their emergency plans, risk assessments and annual training exercises.” Facilities may also consider addressing alternative means of communication in their communication plan should electronic communications be unavailable.

Read CMS S&C letter “Recommendations to Providers Regarding Cyber Security” (Ref: S&C: 17-17-ALL).

Do you need help developing your facility’s emergency preparedness plan, or need assistance with review or development of your cybersecurity policies and procedures to ensure your continued business operations? CMSCG’s consultants can help. Contact us today to learn more.


Reach out today and let's get started!

Urgent Compliance Concern? Call CMSCG

(631) 692-4422
cmscg podcast. five-star quality

Contact CMS Compliance Group

© 2011-2024 CMS Compliance Group, Inc. All Rights Reserved. Privacy Policy