When the COVID-19 pandemic spread across the globe in 2020, the need for social distancing and isolation impacted the availability of in-person, non-emergency healthcare appointments. As a result, telehealth became a common way for healthcare providers to serve their patients without seeing them in-person, and with its rise came related HIPAA compliance concerns.

These days, with recent ransomware attacks disrupting healthcare providers and affecting millions of Americans, it’s become painfully clear that cybersecurity in this sector is no longer just an IT issue—it’s a patient safety issue, and the stakes are higher than ever. The proposed Health Infrastructure Security and Accountability Act of 2024 (HISAA), spearheaded by Senators Ron Wyden and Mark Warner, aims to address these vulnerabilities head-on.

ISO/IEC 42001:2023 has rapidly become the global standard for Artificial Intelligence (AI) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Underscoring the firm's commitment to responsible AI, this accreditation enables Schellman to certify organizations against the first global AI standard of its kind

In the healthcare industry, artificial intelligence (AI) is being used to save lives—using data sets, these systems are being trained to examine imaging and successfully detect potential health risks, like cancer. However, as with every technological development and shift in its use, new risks have also emerged related to the use of AI, as have measures to help mitigate them—one of which is the HITRUST AI Risk Management Assessment.

Back in March 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law as yet another regulation aiming to enhance federal cybersecurity by requiring critical infrastructure entities to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Two years later, on April 4, 2024, CISA published its proposed rule to codify CIRCIA’s specific mandates, which are expected to take effect in 2026.

TAMPA, Fla. – August 21, 2024 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is excited to welcome six distinguished leaders to its inaugural Advisory Board, marking a significant move to bolster leadership.