Implementing the Cybersecurity Framework in Support of Safe Harbor

Wednesday, April 19 at 10:00 AM - 11:00 AM CT
South Building, Level 4 | S406 B

On January 5, 2021, the HIPAA Safe Harbor Bill, H.R. 7898, was signed into law, amending the HITECH Act to require consideration of “certain recognized security practices … when making certain determinations, and for other purposes.” This presentation explains how healthcare organizations can receive these considerations by leveraging the national Framework for Improving Critical Infrastructure Cybersecurity (commonly known as the NIST Cybersecurity Framework) and HHS’ new public-private sector guidance on implementing the NIST Cybersecurity Framework in the industry. Doing so helps avoid any additional burden of proof for compliance or heightened regulatory scrutiny, which typically results in various fines and penalties, should a breach occur.

Learning Objectives

  • Explain why Informative References constitute ‘recognized security practices’ under HIPAA Safe Harbor legislation
  • Outline a risk analysis process that leverages Informative References to help achieve compliance with the HIPAA Security Rule and meet Safe Harbor requirements
  • Select the best Informative References to use in a HIPAA Risk Analysis as described in HPH sector guidance on NIST Cybersecurity Framework implementation

Credits: CME, CNE, IAPP, CAHIMS, CPHIMS, AHIMA
Status: Active
Audience: CIO/CTO/CTIO/Senior IT, CISO/CSO, Government or Public Policy Professional
ID: 96

Speakers

Bob Bastani, CISSP, CISM, CRISC
Senior Cyber Security Advisor, HHS ASPR
HHS Office of the Chief Information Officer

Bryan Cline, CISSP-ISSEP, CISM, CISA
Chief Research Officer
HITRUST