The National Institute of Standards and Technology (NIST) is co-hosting a conference to explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The conference on "Safeguarding Health Information: Building Assurance through HIPAA Security," presented in collaboration with the Department of Health and Human Services (HHS) Office for Civil Rights, will be held on May 11 and 12, 2010, in Washington, D.C.
This conference will provide a forum to discuss the present state of health information security, and practical strategies, tips and techniques for implementing the security requirements of HIPAA. The law promotes health care industry efficiency through the use of electronic health information while protecting the confidentiality, integrity and availability of the information. Organizations required to follow the HIPAA Security Rule include government agencies involved in health records, health care providers, health plans such as health insurance issuers and Medicaid and Medicare programs, health care clearinghouses and Medicare prescription drug card sponsors.
Plenary sessions will cover a variety of current HIPAA and health information technology topics including updates on the HHS Office of Civil Rights, administration and enforcement of the HIPAA Security Rule, risk assessments and contingency planning, logging and auditing in a healthcare context, encryption requirements and strategies in a healthcare environment, and security considerations for mobile/wireless technologies and new media in healthcare. Industry panels will discuss breach notification rules and the state of compliance with the Security Rule.
NIST provides ongoing expertise in risk management, security and standards for federal agencies and has been involved in health information technology research since 1994. NIST has responsibility through the American Recovery and Reinvestment Act of 2009 to accelerate the development and harmonization of standards and to develop conformance test tools for health information technology.
The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is breached.
The meeting is expecting to draw hundreds of HIPAA security rule implementers; security, privacy and compliance officers; assessment teams and audit staff. Registration instructions, current agenda and conference logistics are available at http://csrc.nist.gov/news_events/HIPAA-May2010_workshop/. Media interested in attending should contact Evelyn Brown, evelyn.brown [at] nist.gov, (301) 975-5661.