HIPAA and ISO/IEC 27001

The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule provides federal protection for individually identifiable health information (IIHI) held by covered entities and their business associates. It specifies a series of administrative, physical and technical safeguards that must be in place to ensure the confidentiality, integrity and availability of electronic protected health information.

According to a recent report on the top 2014 healthcare breaches just released by Databreach Today, 5,649,000 patients were affected by the top four reported breaches. HIPAA/HITECH non-compliance can result in large fines, and the growing number of publicized breaches and fines is catching the attention of the public.

Join Kevin Hardcastle, CISO at Washington University, and BSI's John DiMaria as they present a use case on how ISO/IEC 27001 can guide you in putting the security controls in place to address confidentiality, integrity and availability, put you on the road to meeting the HIPAA/HITECH requirements, and provide evidence of due diligence and a demonstrable standard of care.

Learning Objectives:

  • The scope and overview of ISO/IEC 27001
  • A practical approach for using ISO/IEC 27001 to enhance your HIPAA compliance system
  • The common and proper approaches to implementation
  • Risk assessment approach
Kevin Hardcastle is the Chief Information Security Officer at Washington University in St. Louis. With more than 30 years of experience in information security, Kevin brings a wealth of knowledge of federal and state regulations, including HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley.

John DiMaria is the ISO Product Manager for BSI Group America Inc. He has 28 years of successful experience in Management System Development, including Information Systems and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Group America, Inc. regarding all product standards covering Risk, Quality, Sustainability and Regulatory Compliance.