Session ID: 137

Turning Good Information Security Into Good HIPAA Compliance

11:30am - 12:30pm Wednesday, February 13
Orlando - Orange County Convention Center
W320

Description

It may seem odd, but you can have a robust, mature information security program and still have terrible compliance. In fact, recent HIPAA audits revealed exactly that for organizations that had focused heavily on information security. This session will bridge the gap between good information security and good HIPAA compliance, addressing what the regulators are looking for and how their expectations differ from typical information security practices. It will provide practical takeaways on how to ensure that you are conducting a risk assessment and implementing a risk management plan that will pass muster with regulators, how to ensure that you get credit for the good information security work you are doing, and what the regulators expect of policies and procedures.

Learning Objectives: 

  • Develop a risk analysis and risk management that is consistent with HHS Office for Civil Rights expectations
  • Identify evidence of implementation of controls that can be used to respond to a regulatory investigation of HIPAA compliance
  • Develop policies and procedures that have the level of detail that the HHS Office for Civil Rights expects
  • Identify key areas of the Office for Civil Rights' interpretation of the HIPAA Security Rule that differ from standard information security practices
  • Prepare for an Office for Civil Rights HIPAA Security Rule audit

Speaker(s): 

Partner,
Davis Wright Tremaine, LLP

Audience: 

CIO, CTO
CISO/CSO
Information Management Professional

Level: 

Intermediate