In a January 13, 2017 S&C memo, “Recommendations to Providers Regarding Cyber Security,” CMS provides resources for nursing homes and other providers to assist with reviewing their cyber security programs. A review of cybersecurity policies and procedures is recommended by the Agency as part of the “all hazards approach” to emergency preparedness, but is not a required component of a facility’s written plan.
Does that mean cyber security attacks couldn’t affect your nursing facility? Savvy providers will gather their leadership teams and ensure that their IT policies and procedures are adequate in the event of this type of emergency. CMS notes that there are a multitude of potential adverse outcomes if your facility experiences a cyberattack, including:
- Disruptions to patient care including missing information/orders
- Potential compromise of PHI/PII
- Loss of electronic health records or computer-based systems
CMS “encourages providers to consider cyber-security as an element in the development of their emergency plans, risk assessments and annual training exercises.” Facilities may also consider addressing alternative means of communication in their communication plan should electronic communications be unavailable.
Read CMS S&C letter “Recommendations to Providers Regarding Cyber Security” (Ref: S&C: 17-17-ALL).
Do you need help developing your facility’s emergency preparedness plan, or need assistance with review or development of your cybersecurity policies and procedures to ensure your continued business operations? CMSCG’s consultants can help. Contact us today to learn more.