Sector Mapping and Risk Toolkit (SMART)
Work-Flow Map Request Form
Request Form Requirements
Please use the following request form to access the systemic work-flow maps with function identifiers that are otherwise redacted from the examples contained in Appendix A of the SMART toolkit.
Due to the sensitive nature of these maps, specific organization names are not included in the maps in order to protect their identities and to recognize that organizations using these maps collectively contract with a large variety of third-party services that would be impractical to catalogue and keep up-to-date.
Requests will be vetted to restrict access for only those organizations with “need to use”; i.e., regulated healthcare entities and essential infrastructure service providers and consultancies that support these work-flows. Accordingly, requestors must represent legitimate health sector entities or core support functions (i.e., no Gmail, Yahoo, Hotmail, or other non-specific domains). Members of the press are not eligible to receive the workflow maps other than the sanitized versions in Appendix A.
All maps provided to requestors are marked Traffic Light Protocol (TLP) Red – meaning they are not to be shared outside of your organization.
User Engagement by HSCC CWG
An important part of this initiative and its map distribution process is for the HSCC Cybersecurity Working Group to have visibility into the number and range of organizations using the toolkit and to later solicit your feedback and lessons learned about your use of it. This will help us improve its relevance and utility as market dynamics require. However, any feedback from you is voluntary; access to these maps is not contingent on your agreeing to provide feedback.
To protect your identity and operational security, your organization name as a user will not be made public. Public characterizations, if any, of toolkit usage will be restricted to the number and generic type of users by subsector (e.g., providers, payers, labs, etc).
Disclaimer
These maps and the supporting SMART Toolkit are provided for informational purposes only. Use of this resource is neither required nor intended for compliance with federal, state, or local laws. Please note that the information presented may not be applicable to or appropriate for all health sector organizations. This toolkit is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks.
The advice and template materials provided in this guide are neither intended nor offered as legal advice or legal opinions. HSCC-CWG and the authors are not practicing attorneys. These maps and supporting guidance are intended for educational and information purposes only. The reader should neither act nor fail to act on any legal matter based upon the information or advice provided in this document without first engaging a competent attorney licensed to practice law in their state or territory.