Health Care Information Security: Risk, Regulation & Response
perspectives from Providence Health & Services

  • Event Date:
  • Event Time: Noon Central

While evolving government security regulations drive much of the security analysis and IT work within health care organizations, regulatory compliance is just a piece of the overall health care cyber risk landscape. Many otherwise “compliant” health care organizations find themselves victims of data security breaches they didn’t see coming. A robust risk management program can bolster an organization’s ability to maintain and demonstrate regulatory compliance while simultaneously reducing the potential for and the impact of health care data breaches and other security incidents.

Learn how being the first subject of a Health & Human Services (HHS) resolution agreement and corrective action plan under HIPAA resulted in Providence Health & Services incorporating an internal incident response with a broad view of the external threat landscape into an information security program. The program efficiently provides the senior leadership team with its most acute information need today: timely and accurate risk assessments to effectively navigate the evolving government regulatory enforcement and real-world threat landscapes.

What You Will Learn:

  • Why regulatory compliance alone is insufficient to manage security risk
  • How and where to find valuable information to inform security decisions for your organization
  • How to use your internal incident information to inform your information security roadmap

Speaker:

 

Mike Boyd, CISSP, has been with Providence Health & Services for five years and currently serves as the Director of Information Security Management. Providence is a not-for-profit Catholic health care system that includes 32 hospitals, 350 physician clinics, senior services, supportive housing and many other health and educational services. The health system employs more than 64,000 people across five states – AK, CA, MT, OR and WA. Mike’s responsibilities include oversight of information security risk assessment, security incident management and integration of security risk management within Providence’s environment, including information technology, supply chain, revenue cycle, human resources and health care operations.

Previously Mike served as the Information Security Officer for Oregon Health & Science University and oversaw the security engineering team at Pacific Life Insurance. He is also the past president of the Portland chapter of the Information Systems Security Association (ISSA) and a former Captain in the United States Marine Corps. Mike holds the Certified Information Systems Security Professional (CISSP) certification and a Bachelor of Science in Computer Science from the United States Naval Academy in Annapolis, MD.

 


 

Chubb Group of Insurance Companies (“Chubb”) is the marketing name used to refer to the insurance subsidiaries of The Chubb Corporation. For a list of these subsidiaries, please visit its website at www.chubb.com. Actual coverage is subject to the language of the policies as issued. Chubb, Box 1615, Warren, NJ 07061-1615.


AHA Solutions Signature Learning Series events are exclusively offered to hospital personnel. There is no charge to attend.
