Privacy & Security Policy

Resilience goes beyond good hygiene

You’ve done assessments and you have a roadmap of projects you know will address risks in your health system.  Your planning for the future and prepared for unforeseen events.  All the while, there are congressional and administration activities that constantly change and have the ability to impact risk, compliance, and organizational strategy.   First brings both policy expertise and regulatory perspectives to address the initiatives born from your strategic vision as a CISO, CIO, CMIO, Network Director, Health Technology Manager or Business Stakeholder.

Security and Privacy – Public Policy Expertise and Insight:

First’s Cyber Health Team is a trusted partner in better understanding rule making, standards and policy before final implementation impacts that way your organization operates.  Interpreting FDA 510(K) rules, HIPAA/HITECH/21st Century Cures directives while following TEFCA, information blocking, CCPA, and NY SHIELD are just a couple areas that have or will have major impact on how you address device and data security now and in the future.   In addition, guidance from FDA, NCCoE, NIST and others to improve deployment and security are constantly being updated and it is your organizations responsibility to stay abreast of all this.  First’s leadership is heavily involved in policy workgroups, committee relations and medical device/data advocacy.  We are firm believers that understanding the government’s role and its signals should influence strategic decision making and preparedness.

Clinical Perspectives on Medical Devices

The ever increasing sprawl of devices in healthcare poses an enterprise wide challenge. Managing the accountability, integrity, confidentiality and overall patient safety must involve clinicians, who have general responsibility for the output of managed devices.  First’s Cyber Team Physician Executive Advisor, Dr. Mary Gregg, is well versed in risk management, policy, and security issues as seen from a practicing clinician or CMIO perspective.  Having strong clinical advocacy in the device arena, as telemedicine, patient engagement and wearable health technologies widen the threat surface is critical to the success and adoption of your initiatives.