Conference on Safeguarding Health Information, May 18-19
From NIST Tech Beat: March 24, 2009
Contact: Evelyn Brown
Most people’s experience with the Health Insurance Portability and Accountability Act (HIPAA) consists of a quick glance at a photocopied document at the doctor’s office followed by signing a form stating that we have reviewed the information. But there is much more to the law that was enacted by Congress to promote health care industry proficiency by using electronic health information while protecting the confidentiality, integrity and availability of the information.
To assist the understanding and expansion of these standards and practices, the National Institute of Standards and Technology (NIST) is co-hosting “Safeguarding Health Information: Building Assurance through HIPAA Security” May 18-19 at its Gaithersburg, Md., facility. The co-host is the Centers for Medicare and Medicaid Services (CMS), the federal agency mandated in the 1996 act to be responsible for creating a more efficient and effective health care system that increasingly uses electronic healthcare transactions.
NIST provides ongoing expertise in risk management, security and standards to CMS and has been involved in health information technology (IT) research since 1994. NIST is receiving $20 million through the American Recovery and Reinvestment Act of 2009 to accelerate the development and harmonization of standards and to develop conformance test tools for health IT.
Organizations required to follow the HIPAA Security Rule include government agencies involved in health records, health care providers, health plans such as health insurance issuers and Medicaid and Medicare programs, health care clearinghouses and Medicare prescription drug card sponsors.
The meeting is expecting to draw hundreds of HIPAA security rule implementers; security, privacy and compliance officers; assessment teams and audit staff. During the meeting attendees will learn techniques for implementing the HIPAA Security Rule requirements with focus on strategies for assessing the effectiveness of implemented security controls to support compliance, auditing, and an organization’s overarching risk management program. Sessions will be dedicated to security assessment frameworks and methodologies, new technologies and security safeguards, e-prescribing, security automation, the Federal Information Security Management Act and the American Recovery and Reinvestment Act of 2009 and its impact on security and privacy of health information.
For more information about the meeting, see the registration site www.nist.gov/public_affairs/confpage/090518.htm.