Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

HIPAA 2010 - Safeguarding Health Information: Building Assurance through HIPAA Security

The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is breached.

NIST’s mission, as a non-regulatory federal agency within the U.S. Department of Commerce, is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

This conference will provide a forum to discuss the current HIT security landscape, as well as practical strategies, tips, and techniques for implementing the requirements of the HIPAA Security Rule.

HIPAA 2010 Presentations

Tuesday, May 11 (Day 1):

Welcoming Remarks from OCR
Susan McAndrew - Deputy Director for Privacy, HHS Office for Civil Rights

Welcoming Remarks from NIST
William Barker - Chief Cybersecurity Advisor, NIST Information Technology Laboratory

Tips and Techniques for Conducting Risk Assessments
Pat Toth - NIST
Marissa Gordon-Nguyen - HHS/OCR

Keynote Address
Georgina Verdugo-Director, HHS Office for Civil Rights
Howard Schmidt - White House Cybersecurity Coordinator

Standards and Certification Interim Final Rule
Steve Posnack - HHS/ONC
Lisa Carnahan - NIST

Panel: Breach Notification
Christina Heide - Health Information Privacy Division, HHS/OCR
Cora Tung Han - Division of Privacy and Identity Protection, Federal Trade Commission (FTC)

Security of Health Devices
Elliot Sloane - Drexel University

Security Considerations for New Media and Healthcare
Sharon Finney - Corporate Data Security Officer, Adventist Health System

Update on OCR Enforcement of the Privacy and Security Rules
Marilou King - Civil Rights Division, HHS Office of General Counsel
David Holtzman - Health Information Privacy Division, HHS/OCR

Wednesday, May 12 (Day 2):

FTC Information Security
Alain Sheer - Attorney, Division of Privacy and Identity Protection, FTC

Strategies for Developing and Implementing Contingency Plans
David Holtzman - Health Information Privacy Division, HHS/OCR
Marianne Swanson - NIST

Logging and Auditing in a Healthcare Environment
Mac McMillan - Cynergistek, Inc

Panel: HIPAA Security Compliance: An Industry Perspective
Panel Slides

Sue Miller - WEDI
Lisa Gallagher - HIMSS
Robert Tennant - MGMA
Dan Rode - AHIMA

HIE Security Architecture
John Kelly - Director, eBusiness Architecture, Harvard Pilgrim Healthcare

Security Implementation Considerations for Mobile and Wireless Technologies
Matt Sexton - Booz Allen

Encryption Standards
Matt Scholl - Group Manager, Security Management and Assurance, Computer Security Division, NIST

Event Details

Starts: May 11, 2010 - 09:00 AM EDT
Ends: May 12, 2010 - 04:15 PM EDT

Format: In-person Type: Conference


Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other


Voice of America/Wilbur Cohen Building, Auditorium
330 Independence Avenue, SW
Washington, DC 20237
(public entrance on C St. SW)

Created May 23, 2017, Updated June 22, 2020