The sixth annual "Safeguarding Health Information: Building Assurance through HIPAA Security" conference will meet on May 21 and 22, 2013, at the Ronald Reagan Building and International Trade Center in Washington, D.C. The meeting is co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule specifies federal standards to protect the confidentiality, integrity and availability of protected health information in electronic record systems. The rule requires entities covered by HIPAA regulations—health care providers, health care plans and their business associates, for example—to implement and maintain administrative, physical and technical safeguards for their information systems.
The conference is an opportunity for HIPAA security rule implementers; security, privacy and compliance officers; assessment teams and audit staff in health care providers to explore current issues in health information security and to discuss practical strategies, tips and techniques for implementing the HIPAA Security Rule.
This year's keynote speaker is Eric Dishman, Intel fellow and general manager of the Health, Strategy & Solutions Group. Topical sessions will include updates on the Omnibus HIPAA/HITECH Final Rule, OCR's audit program, managing provider and patient identities, strengthening cybersecurity in the health care sector, integrating security safeguards into health IT, managing insider threats and securing mobile devices.
NIST provides ongoing expertise in risk management, security and standards for federal agencies and has been involved in health information technology research since 1994. NIST is responsible for accelerating the development and harmonization of standards and developing conformance test tools for health information technology.
OCR enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and the Breach Notification regulations requiring HIPAA-covered entities and their business associates to notify individuals when their health information is breached.
For those who cannot attend in person, the conference is being webcast. Registration instructions, current agenda and conference logistics are available at http://www.nist.gov/itl/csd/2013-hipaa-conference.cfm.