Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Safeguarding Health Information: Building Assurance through HIPAA Security - 2017

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 10th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 5-6, 2017 at the Hyatt Regency, Washington, D.C.

The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule. The Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards.

HIPAA Conference

The conference will offer sessions that explore the security management and technical assurance of electronic health information. Presentations will cover a variety of topics including understanding the current cybersecurity threat landscape, managing data breaches, considerations for small provider cybersecurity, managing cybersecurity risk and implementing practical cybersecurity solutions in healthcare environments, updates on OCR's Phase 2 audits and enforcement activities, and more.

Webcast Option:

Participants can choose to participate in-person or via webcast. All registrants will have access to archived webcast presentations and materials.

For Live Webcast, web browser will need current Flash Player installed, and broadband internet access to support 650kbps continuous download bandwidth.

The event hashtag is #HIPAASecurity. Join the conversation and tweet us your questions.


Please click on AGENDA below to expand the complete two days, including links to most of our speakers presentations.

Agenda PDF (Updated - 8/31/17)

Note: Speakers presentations will be linked below as PDF files as they are approved.

September 5, 2017: 10:00 am - 5:00pm ET
September 6, 2017: 9:00 am - 4:30pm ET

Safeguarding Health Information: Building Assurance through HIPAA Security

Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)


Day 1 – September 5, 2017

10:00 - 10:30

Welcoming Remarks

Director Roger Severino

HHS Office for Civil Rights

10:30 - 11:15

Keynote Address

Russ Branzell, President and CEO

College of Healthcare Information Management Executives (CHIME)

11:15 - 11:30


11:30 - 12:30

The Year in Review:  The Current Cybersecurity Threat Landscape

Steve Curren

Director, Office of Emergency Management, Division of Resilience

HHS Assistant Secretary for Preparedness and Response

12:30 - 1:45


On Your Own

1:45 - 2:45

Updates from the National Institute of Standards and Technology

Matt Barrett, Cybersecurity Framework, NIST

Tim McBride, National Cybersecurity Center of Excellence, NIST

Rodney Petersen, National Initiative for Cybersecurity Education, NIST

2:45 - 3:00


3:00 – 4:00

Update on OCR’s Compliance and Enforcement Activities

Iliana Peters, Senior Advisor, Compliance and Enforcement, HHS Office for Civil Rights

4:00 – 5:00

Using HIPAA Self-Audits as a Compliance Tool

Allen R. Killworth

Partner, Bricker and Eckler

End Conference Day 1



Safeguarding Health Information: Building Assurance through HIPAA Security

Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)


Day 2 - September 6, 2017

9:00 - 9:05


9:05 - 10:15

Keynote Address

Can’t See the Ward for the Beds? Managing the Top Risks to Healthcare

Marylynn Stowers and Jonathan Litchman

The Providence Group

10:15 - 11:15

Securing Medical Devices and the Internet of Things in the Healthcare Space

Moderator: Bob Chaput, Clearwater Compliance

Panelists: Ricky Hampton, Partners Healthcare

Aftin Ross, Food and Drug Administration

Rob Suarez, BD

Sue Wang, National Cybersecurity Center of Excellence, NIST (MITRE)

11:15 - 11:30


11:30 – 12:00

An Update from the Federal Trade Commission

Megan Cox, Federal Trade Commission

12:00 – 1:15

Lunch on Your Own

1:15 - 2:15

Reducing Risk for Small Provider Practices

Moderator: David Holtzman, Cynergistek

Panelists: Bayardo Alvarez, Boston Pain Care Clinic

Lee Kim, Healthcare Information and Management Systems Society

Rob Tennant, Medical Group Management Association

2:15 - 2:30


2:30 - 3:30

Using the Cybersecurity Framework in Healthcare

Moderator: Matt Barrett, NIST

Panelists: Julie Chua, HHS Office of Information Security

Jeremiah Grant, Novant Health

Nick Heesters, HHS Office for Civil Rights

3:30 - 4:30

Update on OCR’s Phase 2 HIPAA Audits

Linda Sanches, Senior Advisor

HHS Office for Civil Rights

End Conference


Created July 19, 2017, Updated September 12, 2017