Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Safeguarding Health Information: Building Assurance through HIPAA Security - 2018

HIPAA Conference

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 11th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 18-19, 2018 at the Hyatt Regency, Washington, D.C.

The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule. The Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards.

The conference will offer sessions that explore best practices in managing risks to and the technical assurance of electronic health information. Presentations will cover a variety of topics including managing cybersecurity risk and implementing practical cybersecurity solutions, understanding current cybersecurity threats to the healthcare community, cybersecurity considerations for IoT in healthcare environments, updates from federal healthcare agencies, and more.

The conference provides a good mix of talks and panels covering management and technical topics, though all delivered for a non-technical audience. We anticipate having sessions covering diverse topic areas including IoT and medical device security; updates from government agencies like FDA, ONC, and others; sessions on small provider security; and updates from OCR regarding compliance and enforcement activities.

Webcast Option:

Participants can choose to participate in-person or via webcast. All registrants will have access to the webcast recording, presentations and materials. Registrants will receive an email reminder a few days prior to the event which will include the web link and login information. A post-event email will be sent once the recording has been posted.

For Live Webcast, web browser will need current Flash Player installed, and broadband internet access to support 650kbps continuous download bandwidth. The event hashtag is #HIPAASecurity. Join the conversation and tweet us your questions. 

Webcast Registration Contact: crissy.robinson [at] (subject: HIPAA%20Webcast%20Question) (Crissy Robinson), NIST 


Unfortunately, NIST and HHS don't provide any specific information regarding CEUs/CLEs. Attendees are always welcome to self-report to their authoritative certification bodies to request CEUs/CLEs.

Parking/Transportation Information:  

Hyatt Regency Washington on Capitol Hill offers valet parking for guests and visitors.

Valet Parking:

  • 0‒2 hours: $33
  • 2‒10 hours: $46
  • 10‒24 hours*: $62 ($66 for oversized vehicles)

*Overnight rates include in-and-out privileges. 

Please note the parking garage has a clearance of six feet.  Van and RV parking is available at nearby Union Station.


Hotel Website: Includes information about:  Hotel, dining options, local area, maps, etc.


Public Transportation Options: 

The Union Station Metro and Amtrak’s headquarters is 3 blocks from the Hyatt Regency on Capitol Hill (about an 8-minute walk). 

Agenda (PDF)
Start and End Times: 

October 18, 2018: 9am-5pm ET and October 19, 2018: 9am-3:30pm ET


Safeguarding Health Information: Building Assurance through HIPAA Security

Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)


Day 1 – October 18, 2018


Welcoming Remarks



Keynote Director Roger Severino HHS Office for Civil Rights





The Current Cybersecurity Threat Landscape, Bob BastaniSupervisory IT Specialist, Division of Resilience HHS Assistant Secretary for Preparedness and Response



Panel: Securing Picture Archiving and Communication Systems

NIST National Cybersecurity Center of Excellence


Lunch on Your Own



Overview of new OCR/ONC Security Risk Assessment (SRA) Tool

Nick Heesters, OCR

Rose-Marie O. Nsahlai, HHS Office of the National Coordinator for Health IT






Panel: Cybersecurity Education and Workforce Development in the Healthcare Sector

Rodney Petersen, NIST National Initiative for Cybersecurity Education (Moderator) Sri Bharadway, Director of Information Services and CISO, UC Irvine

Leanne Field, Program Director and Clinical Professor, University of Texas at Austin Sarah Moffat, Enterprise Lead for Education, Professional Development, and Training for IT Workforce Planning and Development, HHS



Best Practices for HIPAA Compliance: An Attorney’s Perspective

Kimberly Metzger Partner, IceMiller

End Conference Day 1


Safeguarding Health Information: Building Assurance through HIPAA Security

Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)


Day 2





Day 2 Keynote Address

Heather Nelson, Vice President and Chief Information Officer University of Chicago Medicine

Fact Sheet: Cybersecurity Act of 2015, Section 405(d)





10:15 – 11:15

Panel: Best Practices for Managing Risk

Nick Heesters, OCR (Moderator)

Anahi Santiago, Christiana Care Health System Daniel Bowden, Sentara Healthcare

Julie Chua, HHS Risk Management Kevin Stine, NIST


11:15 – 12:15

Panel: An Update from Federal Partners Aftin Ross, Food and Drug Administration Cora Han, Federal Trade Commission

Debbi Bucci, HHS Office of the National Coordinator for Health IT

12:15 – 1:30

Lunch on Your Own


1:30 – 2:30

Update on OCR’s HIPAA Compliance and Enforcement Activities

Serena Mosley-Day, Acting Senior Advisor Compliance and Enforcement, HHS Office for Civil Rights


2:30 – 3:30


Safeguarding the Bioeconomy: Challenges to Data Security, Health, the Economy and National Security

Edward You, Supervisory Special Agent in FBI’s Weapons of Mass Destruction Directorate, Biological Countermeasures Unit

Background information on the bioeconomy and health data:


End Conference

There is no hotel block for this event. However, please visit Hyatt Regency Washington DC or Place to Stay in DC

Parking:  Parking is not included in the registration fee.  For more information, please visit the Hyatt Map, Parking and Transportation page.


Created June 29, 2018, Updated October 19, 2018