Protecting data in the healthcare industry continues to be an area of focus for regulators and lawmakers. HIPAA Journal noted that in 2016 more HIPAA covered entities reported breaches than in any other year since the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights started publishing breach summaries on its “Wall of Shame” in 2009. Almost all of these breaches affected healthcare providers. Add to the mix the global cyberattacks we saw in May 2017 and the growing threat from ransomware, and you can see a perfect storm forming.

One potential aid in weathering this storm is the public-private partnership discussed at a recent Congressional hearing before the U.S. House of Representatives Energy and Commerce Subcommittee on Oversight and Investigations. Subcommittee Chairman Representative Tim Murphy (R-PA) called cybersecurity in the healthcare sector “essential” and encouraged healthcare institutions to continue ongoing efforts to form an effective public-private partnership to assist in these efforts.

The hearing focused on the National Health Information Sharing and Analysis Center (“NH-ISAC”), which is a global, nonprofit organization whose members represent approximately one-third of the U.S. health and public health GDP. There are approximately 200 members of the NH-ISAC. The purpose of an ISAC is to help private sector entities share cyber-related threat information with one another. The NH-ISAC works closely with HHS in its efforts to combat cyber threats.

During the hearing, Denise Anderson, the President of the NH-ISAC, noted there are many small healthcare providers like physician practices, chiropractor offices and dental practices that are vulnerable to cyberattacks and would benefit from education through the NH-ISAC. She also stated that she was concerned that many small and mid-sized providers do not even realize the NH-ISAC exists.

Several examples were given at the hearing of NH-ISAC work that could help smaller healthcare providers reduce their vulnerability to cyberattacks. One example of that work is the CyberFit suite of services, which Anderson explained allows members to leverage the NH-ISAC community to realize cost savings and efficiencies. Another was the Medical Device Security Information Sharing Council, a forum for manufacturers and hospitals to interact and collaborate in order to advance medical device security and safety. There also was testimony at the hearing regarding an NH-ISAC project in which different members create portions of a security incident response plan or a security operations plan, and then donate them to the public domain or at least to the healthcare sector.

Members of the committee expressed appreciation of the serious consequences that cyberattacks could have on the healthcare sector. These members also expressed interest in the efforts of the NH-ISAC to increase its membership and improve cybersecurity in the healthcare sector. In this environment of heightened cyber threats and HIPAA enforcement, healthcare providers may wish to consider including the NH-ISAC as a resource in their cybersecurity efforts.

Michael R. Bertoncini

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, employment law counseling and litigation, and data privacy and security law.


In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with respect to rights and obligations under collective bargaining agreements and applicable labor and employment laws. He also has extensive experience in advising organizations responding to corporate campaigns and negotiating neutrality agreements.

Mr. Bertoncini’s privacy and data security practice focuses on advising clients on complying with HIPAA and other state and federal privacy and data security laws. He regularly reviews and develops policies and procedures, written information security plans and integrated compliance programs to assist clients in meeting their obligations under privacy and data security laws. Mr. Bertoncini has represented clients in investigations of alleged data breaches and advises them on their reporting obligations in the event of a data breach. He also conducts workplace training programs on HIPAA compliance and related privacy and data security topics.

Before joining Jackson Lewis, Mr. Bertoncini was Deputy General Counsel for a hospital system that is the largest fully integrated community care organization in New England. He was responsible for all of the system’s labor and employment law matters, and was involved in its acquisition by a private equity firm as well as its growth from six to ten hospitals in a twelve-month period. His three years as in-house counsel for this large health care system give Mr. Bertoncini a keen understanding of the impact of labor and employment law issues on clients’ business operations.

In addition to his labor relations and privacy experience, Mr. Bertoncini has extensive experience in conducting internal investigations and counseling clients on whistleblower and retaliation matters, as well as negotiating executive agreements, both employment and separation agreements. Mr. Bertoncini also represents clients in the litigation of employment matters. His litigation experience includes matters before federal and state courts and administrative agencies. He has appeared before United States Courts of Appeals and District Courts, Massachusetts and New York state courts, the Equal Employment Opportunity Commission, and the Massachusetts Commission Against Discrimination.

Mr. Bertoncini is a frequent speaker and trainer on labor and employment law topics for various organizations including Massachusetts Continuing Legal Education, Council on Education in Management, Lorman Education Services, the Boston Bar Association, and several chambers of commerce.

While attending Boston College, he received the John A. McCarthy, SJ Award for the most distinguished Scholar of the College thesis.