
Compliance & Information Security Executive Brief
Presented by

Sabot Technologies

Brief #1: 11 am thru Noon

The 42 Questions HHS May Ask in a HIPAA Audit

Critical Steps for Enabling a HIPAA Compliant Organization

LUNCH Noon – 1 pm 

Brief #2: 1 pm – 2 pm

The New ISO 27002 International Security Standard

Applying the Standard in Your Policies & Practices

January 31, 2008

Sacramento, California

Presented By

Ali Pabrai, CISSP, CSCS
ecfirst.com, Chief Executive


Free iPod Touch Drawing at 2 pm!

Brief #1: 11 am thru Noon

The 42 Questions HHS May Ask in a HIPAA Audit

Critical Steps for Enabling a HIPAA Compliant Organization

It was reported recently that Piedmont Hospital became the first organization in the United States to be audited for compliance with the HIPAA Security Rule. The audit was conducted by the Office of the Inspector General at the U.S. Department of Health and Human Services (HHS) and is being seen by some as a precursor of similar audits to come at other institutions.

It was further reported that Piedmont Hospital was presented with a list of 42 items that U.S. Department of Health and Human Services (HHS) officials wanted information on within 10 days of the request. In this executive brief, compliance and security expert Ali Pabrai steps you through the 42 areas so you may assess your own organization. Further, examine the critical steps required to achieve HIPAA compliance on a continual basis.

In this executive brief, you will:

  • Step through the 42 questions that you may be presented with as a part of a HIPAA audit
  • Classify the core categories of the HIPAA Security Rule and investigate the critical steps for complete HIPAA compliance
  • Analyze additional compliance regulations that impact your organization, including PCI DSS, FISMA and the international security standard, ISO 27002 (ISO 17799:2005)
  • Identify best practices for information security based on critical U.S. government requirements for minimum security and security categorization

Brief #2: 1 pm – 2 pm

The New ISO 27002 International Security Standard

Applying the Standard in Your Policies & Practices

The new ISO 27002 Standard is entitled Information technology - Security techniques - Code of practice for information security management. ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad.

The ISO 27002 standard consists of 11 security control clauses (sections), which together contain 39 main security categories, and 1 introductory clause (risk assessment and treatment). Each clause contains a number of main security categories.

In this executive brief, you will:

  • Understand the scope of the new international security standard and how to apply it in your organization
  • Review requirements for identity management and business continuity to influence your initiatives in these areas
  • Examine how to update your security policies and procedures with the information in the ISO 27002 standard

ABOUT THE SPEAKER

Uday Ali Pabrai, CISSP (ISSAP, ISSMP), CSCS, is a highly sought-after security and compliance expert. Author of The Art of Information Security, he has successfully delivered tailored security solutions to hundreds of organizations across the USA. Always rated 10+, he has presented keynote and other sessions at ISSA, HIPAA Summit, Internet World, Comdex and NetSecure worldwide, including the USA, UK, India, Japan and the UAE.

Author of The Disruption of Healthcare: Forces of Technology and Genetics Forever Change Healthcare, Mr. Pabrai recently launched the Certified Security Compliance Specialist™ (CSCS™) program.

ABOUT HIPAA ACADEMY

HIPAA Academy delivers compliance solutions across the United States every day. Our deep knowledge of HIPAA, FISMA, PCI DSS, GLBA and other regulations is substantiated with hands-on experience implementing technical solutions in the healthcare industry. The HIPAA Academy introduced the industry's first, and today's leading, credentials for HIPAA skills certification: Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS). HIPAA Academy training courses and certification exams are now available online.

HIPAA Academy also recently launched the industry’s most comprehensive compliance and security portal. The Compliance Portal provides one-click access to all major information security and associated compliance requirements including HIPAA, PCI DSS, ISO 17799:2005 (ISO 27002), FISMA and many others.

Please visit www.HIPAAAcademy.Net and click on Compliance Portal.

ABOUT SABOT TECHNOLOGIES

Sabot Technologies provides high-impact management consulting services to information executives. Sabot specializes in:

  • IT Organizational Services
    • IT strategic planning
    • Enterprise architecture
    • IT governance/organizational consulting
    • IT operational process design/streamlining
    • Compliance support
    • Project Management Office Development
  • IT Project Services
    • Requirements definition
    • Project management
    • Project Mentoring
    • Project/contract oversight
    • Independent verification and validation

Sabot integrates regulatory and standards compliance into each engagement. Our consultants are certified in compliance (CHP, CHSS™, CSCS™), security (CISSP), and project management (PMP).

# # #

Last updated: October 15, 2007