Privacy and security compliance is moving at the speed of light in health care. With OCR’s Phase 2 audits underway and enforcements on the upswing, HIPAA covered entities and business associate are – or should be – taking a hard look at their compliance programs. The threat environment is also changing: cyber criminals, recognizing the treasure trove of financial and health data available in health records, are targeting the health care industry with unique attacks such as ransomware. Health care providers are not without their own tool, however. Risk assessment and risk management are foundational elements that entities can use to manage risks and vulnerabilities to protected health information to a reasonable and appropriate level. Cyber insurance can also help regulated entities manage risk, but because it is often misunderstood, you may not have the coverage you want – or think you have.
Presenters Stephen Reynolds and Kim Metzger, partners in the Data Security and Privacy group at Ice Miller LLP, will address the status of the Phase 2 audits, as well as lessons regulated entities can learn from prior OCR enforcement actions, and guardrails they can employ to enhance compliance. The presenters will also help you understand and protect against ransomware attacks, and will discuss cyber insurance and questions you should ask to help ensure your coverage meets your needs.
More information about HCCA’s Indianapolis Regional Conference here.