HIPAA Audits On the Way—Are You Ready? Part 5

Part 5: Navigating HIPAA, 405(d), and CPGs

Part 5: Navigating HIPAA, 405(d), and CPGs

In addition to the recent announcement of new HIPAA audits, HHS has introduced Cybersecurity Performance Goals (CPGs) intended to help healthcare organization prioritize the implementation of high-impact cybersecurity practices.

The CPGs are informed by select references to the 405(d) Health Industry Cybersecurity Practices, the NIST Cybersecurity Framework, the NIST Special Publication 800-53rev5 Controls, and the 2023 Hospital Cyber Resiliency Landscape Analysis. While voluntary at this point, the goals may serve as inputs into future regulatory requirements, including changes to the HIPAA Security Rule, which HHS has stated it will begin the process of revising in the spring of 2024.

How should healthcare organizations be thinking about CPGs relative to HIPAA and what steps should you take to ensure your organization is alignment with where industry requirements are headed? In this final webinar of our series, Clearwater experts will break down the latest from HHS and help you chart an effective course.

Presentation Materials


Jon Moore, MS, JD, HCISPP
Chief Risk Officer and Head of Consulting Services and Client Success

Navigating HIPAA, 405(d), and CPGs

Related Blogs

With Us