EHNAC’s Executive Director Offers Healthcare Industry an Important Overview of HHS Cybersecurity Policies and Procedures

FARMINGTON, Conn. – May 28, 2019 – Lee Barrett, CEO and executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC) and a member of the U.S. Department Health & Human Service (HHS) Cybersecurity Task Group (405d) joined fellow Task Group members late last year on the development of practical cybersecurity guidelines to reduce cybersecurity risks for the healthcare industry. The result was the creation of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. Within the four-volume publication, several cybersecurity threats impacting the healthcare industry and ten practices to mitigate those threats are explored. The publication aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.

Recently, Barrett was asked by HHS to provide an important overview of Cybersecurity Practice #10: Cybersecurity Policies during which he outlines best practices for the implementation of cybersecurity policies and procedures within healthcare organizations. Within the narrative, Barrett emphasizes the overall importance of having written policies and procedures that, “need to be current, they reflect the way your organization conducts its business and are disseminated to all your workforce members. It doesn’t make sense to have policies and procedures in a binder, stored on a shelf somewhere collecting dust. Your documents need to be readily available to all staff and dynamically updated as your organization evolves/changes.”

The complete audio of Barrett’s overview of Cybersecurity Practice #10: Cybersecurity Policies can be found here:

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.