Cybersecurity Practices for Health Care Organizations — Cybersecurity Act Task Force Recommendations

01:00 PM ET | 10:00 AM PT | 12:00 PM CT Duration 90 Minutes

Webinar Includes : All the training handouts , certificate ,Q/A and 90 mins Live Webinar

"Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC"

Learn how Cybersecurity is different from other kinds of security


Healthcare information has been protected according to regulations under the Health Insurance Portability and Accountability Act (HIPAA) since 2003 but new attacks by malicious external actors (hackers) pose new threats to the confidentiality, integrity, and availability of Protected Health Information (PHI).  The National Institute of Standards and Technology (NIST) has released Cybersecurity guidance to assist with preparations to avoid and respond to threats, and the Cybersecurity Act of 2015 has resulted in guidance in Health Industry Cybersecurity Practices, with implementation guidance for both small and large organizations, identifying five current threats and ten practices to deal with them. 

If you are not prepared to deal with Cybersecurity issues your organization can be brought to its knees.  More than one healthcare entity has had to scrap its entire IT infrastructure to recover from an attack, at a cost of millions of dollars, and entities that are not sufficiently prepared to deal with Cybersecurity issues may receive penalties from the US Department of Health and Human Services if a breach occurs.

Now is the time to be sure your Cybersecurity stance is strong and resilient and follows recommendations by HHS, NIST, and the Cybersecurity Act of 2015, Section 405(d) Task Group.

In this session, we will examine how following the requirements of the HIPAA Security Rule and specifically taking into consideration cyber-threats can help a healthcare entity prepare itself to defend against cyber-attacks and the significant impacts to privacy, security, and patient care and safety that can result.  We will learn about the latest guidance and tools for assisting in preparation and response to cyber-attacks, and what to do if the attack is successful and creates an incident that must be managed and recovered from.

Dealing with Cybersecurity begins with prevention of issues through good practices, good training, and good people who know how to do the right thing.  It is important to take reasonable precautions that follow good network practices for preventing and isolating malicious activity, including anti-malware, complex firewalling and network segmentation, and monitoring.  Staff and all users must be trained to not be the attack vector when a malicious actor sends a message that includes a link or attachment that can launch a devastating attack on your services and practices.

Overall, following the practices established in the HIPAA Security Rule and recommended by the Cybersecurity Act of 2015, Section 405(d) Task Group can help prevent Cybersecurity incidents through appropriate consideration of current issues, including Cybersecurity, in Risk Analysis and Risk Mitigation planning.

When an incident does occur, it is important to have a prepared plan for how to evaluate and respond to incidents so that any damage is minimized and the appropriate notification of breaches takes place.  And, finally, any incident is an opportunity to learn how to do better the next time through better avoidance and better response to Cybersecurity incidents

Areas Covered

•      At the conclusion of the session, participants will be able to:
•      Understand how the HIPAA Security Rule addresses Cybersecurity, and how to use the rule to prevent cyber-           attacks.
•      Learn about the Cybersecurity Act of 2015, Section 405(d) Task Group reports, including in-depth explorations           of the top five current threats and ten practices to deal with them, in large and small organizations.
•      Learn how Cybersecurity is different from other kinds of security issues and why it deserves special attention.
•      Learn about the NIST Cybersecurity Framework and how to use it to prepare for and respond to Cybersecurity         events.
•      Understand the importance of regular, repeated training to help prevent the initiation of an attack on your                   systems.
•      Learn how to respond to and follow up on an attack that may result in a breach of information.

Who will Benefit

Attendees should include Compliance Officers, Privacy and Security Officers, and leadership and staff in health information management, information security, and patient relations, as well as staff in patient intake and front-line patient relations and any others that are involved in, interested in, or responsible for, patient communications, information management, and privacy and security of Protected Health Information under HIPAA, including:

•      Compliance director
•      CEO
•      CFO
•      Privacy Officer
•      Security Officer
•      Information Systems Manager
•      HIPAA Officer
•      Chief Information Officer
•      Health Information Manager
•      Healthcare Counsel/lawyer
•      Office Manager
•      Contracts Manager

Industries who can attend

This 90-minute online course is intended for professionals in the Healthcare  Industry.

Speaker Profile

Jim Sheldon-Dean

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. 

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C. 

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Back to Top