In today’s digital age, almost everything is electronic: medical records, documentation, communication, files, and more. In the LTPAC industry, you deal with sensitive and confidential information on a daily basis, whether it is patient files, employee records, payment information, or internal communications. While you may not think that your facility is a high-risk target for hacking and cybercrime, the numbers tell a different story. According to cybersecurity firm Symantec, 31% of all cyber attacks targeted businesses with fewer than 250 employees. For this reason, a strong, comprehensive cyber security policy is vital for LTPAC facilities of all sizes.
Purpose of a Cybersecurity Policy
Creating a cyber security policy for your LTPAC facility is crucial. By taking proactive measures now, you can significantly reduce the risks of future data breaches, HIPAA violations, and cyber attacks. A security policy provides the basis and guidelines for an effective, comprehensive, timely, and active security program within an organization. The plan translates standards, guidelines, and objectives into specific, measurable objectives and actions.
Outline of a Cyber Security Policy
A cyber security policy must be coherent and logical, as it will be shared with management, employees, and other stakeholders. It typically follows this outline:
- Introduction: The introduction provides the reader with a brief description of the policy’s purpose and objectives.
- Roles and Responsibilities: This section outlines the specific responsibilities of departments, management, employees, and other residual parties.
- Policy Directives: This section provides adequate information to guide the development and implementation of guidelines and specific security procedures.
- Enforcement, Auditing, Reporting: This identifies enforcement measures, violations of the policy, penalties, and auditing measures. It also identifies what actions will be taken in the event of a policy violation.
- References: This section lists all references mentioned in the policy, including agency standards, procedures, government code, and State Administrative Manual sections. The reference section shows what information was used to create the policy and where it came from.
- Control and Maintenance: This section describes the circumstances, procedures, and situations in which the policy will be reviewed. To ensure timeliness, a policy should typically be reviewed annually at the very least.
- Appendix: A sample Acceptable Use Policy for employees to sign is typically included in the appendix for reference.
The next four blogs will discuss the four key elements of a comprehensive cyber security policy and provide resources for LTPAC managers and professionals:
- Developing and implementing physical safeguards
- Developing and implementing administrative safeguards
- Developing and implementing technical safeguards
- Developing a contingency plan in the event of a cyber breach or attack