Privacy and Security Policy

Resilience is More Than Just Good Security

You’re compliant, you’ve done assessments and you have a roadmap with a deluge of projects you know will address risks in your health system, yet you are fighting fires every day, stranding you in reactive mode.  All the while, you can’t patch many legacy devices and there is no budget to replace them.  The challenges go beyond segmenting the network and detecting intrusions.  First brings both policy expertise and regulatory perspectives to address the initiatives born from your strategic vision as a CISO, CIO, CMIO, Network Director, Clinical Engineering Leader or Business Stakeholder.

Health Device Public Policy Expertise and Insight:

First’s Cyber Health Team is a trusted partner in better understanding rule making, standards and policy before final implementation impacts that way your organization operates.  Interpreting FDA 510(K) rules, HIPAA/HITECH/21st Century Cures directives while following TEFCA, information blocking, CCPA, and NY SHIELD are just a couple areas that have or will have major impact on how you address device and data security now and in the future.   In addition, guidance from FDA, NCCoE, NIST and others to improve deployment and security are constantly being updated and it is your organizations responsibility to stay abreast of all this.  First’s leadership is heavily involved in policy workgroups, committee relations and medical device/data advocacy.  We are firm believers that understanding the government’s role and its signals should influence strategic decision making and preparedness.

Clinical Perspectives on Medical Devices

The ever increasing sprawl of devices in healthcare poses an enterprise wide challenge. Managing the accountability, integrity, confidentiality and overall patient safety must involve clinicians, who have general responsibility for the output of managed devices.  First’s Cyber Team Physician Executive Advisor, Dr. Mary Gregg, is well versed in risk management, policy, and security issues as seen from a practicing clinician or CMIO perspective.  Having strong clinical advocacy in the device arena, as telemedicine, patient engagement and wearable health technologies widen the threat surface is critical to the success and adoption of your initiatives.