Safeguarding Health Information: Building Assurance through HIPAA Security Purpose

Safeguarding Health Information: Building Assurance through HIPAA Security
Excerpted on Sept 3, 2012 from NIST HIPAA Security Conference


hipaa logoThe National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 5th annual conference Safeguarding Health Information: Building Assurance through HIPAA Security on June 6 & 7, 2012 at the Ronald Reagan Building and International Trade Center in Washington, D.C.

The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA Security Rule. The Security Rule set federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards.

The conference offered important keynote addresses and plenary sessions as well as breakout sessions following two learning tracks around specific areas of security management and technical assurance. Presentations covered a variety of current topics including updates on HHS health information privacy and security initiatives, OCR's enforcement of health information privacy and security activities, integrating security safeguards into health IT, safeguards to secure mobile devices, removing sensitive data from the Internet, and more.

A single registration fee granted access to all presentations on-site and through a live Webcast. Video of the event is available at:

A live Twitter Chat was conducted using the hashtag #HIPAASecurity.

Lunch and refreshments were served on-site.


Conference Agenda – Final Agenda dated 5/29/2012

Presentations can be viewed from the NIST Computer Security Division's website known as Computer Security Resource Center (CSRC).

Presentations – 2012 HIPAA
Excerpted on Sept 3, 2012 from (updated: Wed., June 6 @ 10:27am EST.)

NOTE: All presentations posted are in PDF format. Also note, when you click on the link to a presentation, the presentation will open up in a new browser window and this page will still be open in the background.

Wednesday, June 6 (Day 1):

9:00-9:15 Welcome and Logistics
David Holtzman, OCR and Kevin Stine, NIST

9:15-9:30 Leadership Remarks
Matt Scholl, Deputy Chief, Computer Security Division, NIST

9:30-10:15 Risk Management Framework: Privacy Controls
Dr. Ron Ross, NIST

10:30-11:15 Beyond HIPAA: The FTC Privacy Report
Cora Tung Han, FTC

11:15-12:15 Establishing an Access Auditing Program
Cindy Matson, Sanford Health System

1:15-2:00 View From the Cloud: Security Assurance Considerations for a Purchaser
Mac McMillan, HIMSS; and Vince Campitelli, Cloud Security Alliance

2:00-2:45 HHS/ONC Overview
Joy Pritts, Chief Privacy Officer, Office of the National Coordinator

3:00-4:00 (Breakout A-1 Session) Security of Mobile Devices
Lisa Gallagher, HIMSS

3:00-4:00 (Breakout B-1 Session) Security of Health Information When Maximizing Accessibility and Usability
Matt Quinn, NIST, and David Baquis, US Accessibility Board

4:05-4:50 (Breakout A-2 Session) ONC Mobile Device Project
David Shepherd, LMI

4:05-4:50 (Breakout B-2 Session) Integrity Protections
Dan Rode, AHIMA

Thursday, June 7 (Day 2):

9:00-9:30 The Convergence of Privacy and Security in Protecting Health Information
Leon Rodriguez, Director, OCR

9:30-10:30 OCR Audit Program
Linda Sanches, OCR

10:45-11:45 HIPAA Security Rule Toolkit Use Case
Sue Miller, WEDI Security and Privacy Workgroup; Jim Sheldon-Dean, Lewis Creek Systems, LLC and Sherry Wilson, Jopari Solutions

1:00-2:00 Federal Data Breach Response of Health and Consumer Protected Information
David Holtzman, OCR, and Alain Sheer, FTC

2:00-3:00 Data Breach Strikes
Gerard Stegmaier, Wilson, Sonsini, Goodrich & Rosati; and Paul Luehr Stroz Friedberg

3:15-4:00 Security Testing and Assessment Methodologies
Karen Scarfone, Scarfone Cybersecurity; and Richard Metzer, D.Sc. CISSP, Lockheed Martin

4:00-4:45 Meaningful Use Crosswalk to the Security Rule
Adam Greene, Davis Wright Tremaine LLP


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam Protection by WP-SpamFree