HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Major Focus on Cybersecurity at HIMSS15

The HIMSS Annual Conference & Exhibition is a firm fixture in many healthcare IT professionals’ yearly work calendars. The conference showcases the latest healthcare technologies and highlights current trends in the industry, while keynote speakers share solutions in health IT.

The move to EHRs has elevated risk of cybercrime and the massive data breaches to hit all industries over the past 12 months clearly demonstrate that the threat from hackers is a very real. Furthermore cybercriminals are targeting healthcare providers and health plans in search of the Protected Health Information (PHI) they hold.

In February and March of this year, two massive hacking incidents were reported by health insurers which resulted in 89,800,000 confidential records being obtained by cyber criminals. 11 million of those records were reported to have contained sensitive PHI.

This year, HIMSS has a strong cybersecurity focus to help the industry take proactive steps to improve defenses against hackers. There will be a new Cybersecurity Command Center at this year’s conference, which will allow Security Officers and healthcare IT professionals the opportunity to meet experts in the field, brainstorm and find solutions to further safeguard PHI on IT networks against highly sophisticated hacking attempts.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

How to Improve Defenses Against Hackers

Many educational sessions will be devoted to assessing security risks, improving defenses and implementing best practices to make it harder for hackers to launch successful attacks.

A number of sessions are dedicated to identifying risks, conducting risk analyses, ensuring effective risk management and securing PHI in transit and at rest.

HIMSS15 Highlights Include:

  • Cyber Security Challenges Impacting the Healthcare Industry
  • Cyber Risk – Are you prepared for an advanced cyber attack?
  • Securing Healthcare IT Operations in the Cloud
  • ICS-CERT Lessons Learned for Medical Device Security
  • How to Avoid Being a Victim of Cybercrime: Addressing Your Organization’s Cyber Risks Head-on
  • Afraid of the Dark: Healthcare Threats You Can’t See
  • How to Disrupt the Lifecycle of an Advanced Attack
  • Protect your ePHI and Payment Data from hackers

Updates from the OCR and Cyber Security Advice

The Office for Civil Rights is in attendance, with Alessandra Swanson (SEOS/ Team Leader) joining the Cybersecurity Command Center on April 15. She will be speaking on “Cyber Security and the Current State of HIPAA Enforcement,“ and will be explaining how the Office for Civil rights is now enforcing HIPAA Privacy, Security and Breach Notification Rules. She will also address some of the common issues CEs and BAs have with the HIPAA Security Rule and will be offering advice on the best practices to adopt for a related mitigation strategy.

Advice on HIPAA/HITECH for Business Associates and their CEs

The HIPAA Omnibus Rule extended HIPAAs reach to include Business Associates. HIPAA places numerous demands on Business Associates of healthcare providers, and HIPAA-compliance failures can result in substantial financial penalties being issued against BAs directly.

This year, the numerous challenges of becoming a BA – and working with BAs – are being discussed in a session hosted by Gerry Hinkley – Co-Leader of Pillsbury Winthrop Shaw Pittman’s Health Care Industry Team – and Deven McGraw – Partner in the healthcare group at Manatt, Phelps & Phillips, LLP. The session, entitled “Challenges Working with or Being a HIPAA Business Associate”, is a must for any company wishing to start working with HIPAA-covered organizations.

The session – on April 14 – will cover the most common issues faced by BAs and CEs under the Omnibus Rule and HITECH and the speakers will offer advice on best practices that can be adopted to ensure compliance. The session also provides Continuing Education Credits: CME 1.00, CNE 1.00, CPHIMS 1.00, CAHIMS 1.00, ACHE 1.00, AHIMA 1.00.

The 2015 Annual HIMSS Conference & Exhibition is held between April 12-16 in Chicago.


McCormick Place
2301 S. Lake Shore Dr.
Chicago, IL 60616

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.