HIPAA and ISO/IEC 27001
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule provides
federal protection for individually identifiable health information (IIHI) held by
covered entities and their business associates. It specifies a series of administrative,
physical and technical safeguards that must be in place to ensure the confidentiality,
integrity, and availability of electronic protected health information.
According to a recent report on the top 2014 healthcare breaches just released by
Databreach Today, 5,649,000 patients were affected by the top four reported breaches.
HIPAA/HITECH non-compliance can result in large fines, and a growing number of
breaches and fines are being publicized and drawing the attention of the public.
Join Kevin Hardcastle, CISO at Washington University, and BSI's John DiMaria as
they present a use case on how ISO/IEC 27001 can guide you in ensuring that the
security controls needed to address confidentiality, integrity and availability are in
place, put you on the road to meeting the HIPAA/HITECH requirements, and provide
evidence of due diligence and a demonstrable standard of care.
- The scope and overview of ISO/IEC 27001
- A practical approach for using ISO/IEC 27001 to enhance your HIPAA compliance system
- The common and proper approaches to implementation
- Risk assessment approach
Kevin Hardcastle is the Chief Information Security Officer at
Washington University in St. Louis. With more than 30 years of experience in
information security, Kevin brings a wealth of knowledge of federal and state
regulations, including HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley.
John DiMaria is the ISO Product Manager for BSI Group America Inc. He
has 28 years of successful experience in management system development, including
information systems and quality assurance. John is responsible for oversight, product
roll-out, and client/sales education. He is a product spokesperson for BSI Group
America, Inc. regarding all product standards covering risk, quality, sustainability
and regulatory compliance.