HIPAA Plain & Simple, Stage 4, Cyber-Security Kick Off For your Organization

Overview: In a hyperconnected healthcare world, what cyber protections have you put in place that allow your human resource assets to sleep at night? Irrespective of size, cyber security is as much about protecting small practice information network assets as it is about protecting complex information networks in large military hospitals and health systems. While failures are unavoidable, you can keep your network from collapsing in the event of an attack, and we will show you how.

In this session, you will learn from small to large health care organizations who have built a controlled "attack plan" to put protections in place. Plans not only identified the outliers within their organization, but also helped leadership respond promptly, efficiently, and how to remediate the attack.

Learn how your cyber security plan stacks up against other organizations your size. Build a threat actor analysis and an impact analysis to determine the financial, brand reputation, legal and regulatory compliance, people and customer losses. Then, test your organization's capabilities to see how well your organization would recover from a cyber-attack.

We will show you how the National Institute of Standards and Technology (NIST) has created a plan-the NIST Cybersecurity Framework-to address each of the critical elements of a successful cyber security implementation.

Why should you Attend: "Who would want to attack our practice?" Perhaps malware already invaded your networks but lay dormant waiting for intelligence on when and how to attack your practice information assets. Last year, 71 percent of attacks began with "spear phishing," an opportunity to invade even the most well-guarded small business networks, gather intelligence and information by masquerading as a trustworthy entity. Complacent strategies may be an invitation against cyber actors to continue attacking wherever they find a weakness.

While big story attacks once stole headlines, today's ransomware has shifted to commodity prices while increasing various ways to hold your network hostage. For example, is the lifeblood of your practice, designated record sets containing vital patient demographic and medical information, sufficiently backed up to survive a protracted ransomware attack?

Trusting your network security vendor is the first big step to building a cyber security program. Know what internal and external network vendors can do for you and what you should ask for before signing an agreement. Do you maintain an inventory of Internet of Things (IoT) devices where malware can creep in and shut down alarms or notifications you depend on for diagnosis, monitoring, and medical treatment? Better yet, how about 24-hour surveillance on those devices that not only save you dollars, but also keep your organization healthy.

HIPAA Privacy and Security Rules, requiring compliance in 2003 and 2005, respectively, predated the era of the smartphone and mobile data exchange. For years, emphasis was on implementation of the privacy and security standards through compliance audits and investigations related to complaints and breach. Now, in the cybersecurity era, enforcement and private litigation following breach increasingly focuses on whether cyber risks are examined on an ongoing basis and whether practices are actually proactively following their policies and procedures and mitigating risks that they have identified. Now, failure to do so endangers the sustainability of a medical practice as a sustainable business endeavor.

Areas Covered in the Session:

• How prepared are you?
• What are your business risks you are willing to assume and their possible impact?
• Evaluate your cyber resilience (mean time to failure, mean time to recovery)
• Adopt a holistic approach to managing "cyber risk"
• Complete a Threat-Actor Analysis
• Know your threat actors and how you can defend against them?

Who Will Benefit:

• Chief Information Security Officials
• Network Security Consultants
• Office Administrators
• Chief Executive Officers
• Chief Medical Information Officers
• Designated HIPAA Privacy and Security Officials
• Business Associates to whom you Have Entrusted Protected Health Information

Speaker Profile

Carolyn Hartley is a highly skilled health IT educator, strategist and project manager of 100+ EHR certified system installations, stabilizations, upgrades and interoperability exchanges between primary care providers, specialists, critical access and hospital information systems. She and co-presenter, Ed Jones, have co-authored more than a dozen HIPAA products vetted and published by the American Medical Association, American Dental Association, & American Society of Clinical Oncology. From 2010 – 2014, Ms. Hartley was contracted subject matter expert and curriculum developer for HHS’s Office of the National Coordinator for Health Information Technology (ONC) Implementation bootcamps. Today, she is a HIPAA and EHR systems digital forensics expert.

Edward D. Jones, III, is president of HIPAA, LLC and CAIPHI. He brings extensive health care industry and business leadership experience, including two terms as chair of the Workgroup for Electronic Data Interchange (WEDI) Board of Directors. Mr. Jones was selected to manage the 2013 WEDI Report project submitted to then HHS Secretary Sebelius. As a result of the WEDI Report’s recommendations, WEDI created the Sullivan Institute for Healthcare Innovation to facilitate the recommendations.

He regularly consults on cyber security, risk assessments, documentation management solutions for achieving HIPAA privacy and security compliance and cyber security insurance underwriting.