The National Institute of Standards and Technology (NIST) is co-hosting a conference to explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The conference on "Safeguarding Health Information: Building Assurance through HIPAA Security," hosted in conjunction with the Department of Health and Human Services Office for Civil Rights (OCR), will be held on May 10 and 11, 2011, in Washington, D.C., at the Ronald Reagan Building and International Trade Center.
The conference will provide a forum to discuss the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA Security Rule. The rule specifies federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA-covered entities and their business associates to implement and maintain administrative, physical and technical safeguards. The HIPAA Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA.
In addition to keynote addresses and plenary sessions each morning, the conference will provide parallel breakout sessions highlighting specific areas of health information security management and technical assurance. Sessions will cover current topics, including updates on HHS health information privacy and security initiatives, OCR's enforcement of health information privacy and security activities, integrating security safeguards into health IT and security automation, insider threat trends and safeguards and more.
NIST provides ongoing expertise in risk management, security and standards for federal agencies and has been involved in health information technology research since 1994. NIST is responsible for accelerating the development and harmonization of standards and developing conformance test tools for health information technology.
OCR enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and the Breach Notification regulations requiring HIPAA-covered entities and their business associates to notify individuals when their health information is breached.
The meeting is expecting to draw hundreds of HIPAA security rule implementers; security, privacy and compliance officers; assessment teams and audit staff. Registration instructions, current agenda and conference logistics are available online.