06-10-13 | Blog Post
When Chris Heuman started his career in healthcare IT as a computer operator more than 23 years ago, HIPAA privacy laws were not yet a consideration. As the understanding of the value of protecting patients’ sensitive data grew, Heuman’s career focus narrowed.
He earned certifications as a Certified HIPAA Professional (CHP), Certified Security Compliance Specialist (CSCS) and Certified Information Systems Security Professional (CISSP) to help healthcare and financial organizations understand and meet the myriad compliance and security regulations and requirements they now face.
“Protecting data was important enough to me that I pushed my career that way and focused on implementing privacy and security controls on the infrastructure side,” Heuman says. “I founded RISC Management to help healthcare organizations with the privacy and security of regulated and sensitive information for compliance mandates.”
Heuman will bring that expertise to Online Tech’s free webinar series when he presents “Encryption – Perspective on Privacy, Security & Compliance” at 2 p.m. ET on Tuesday.
His is the first of three encryption-focused webinars available in June. On June 18, a webinar discussing encryption at the software level will be presented. That will be followed by a hardware and storage-focused webinar on June 25.
In his presentation, Heuman will discuss the value of encryption for HIPAA, PCI, FFIEC and other regulatory frameworks and the successful components of a data security program that integrates encryption. He’ll touch on the legal safe harbors for suitably encrypted data, typical encryption methodologies, how to document your choices and implementation, and how to demonstrate a successful program to an auditor.
Heuman says that while more and more people understand the concept of effective data encryption, some industries are further along than others. And even in organizations that grasp encryption, there is “a lot of fear and confusion” about what type of encryption is required, what that security provides and how to communicate its effectiveness to senior management.
“What I’m hoping to do is give a plan, a pathway, bullet points to allow attendees to get a better feel for how they can protect data with encryption at their organization,” Heuman said. “And if an organization has taken those steps, can they prove data is suitably encrypted to management, auditors and regulatory bodies?”
Read more about encryption in:
Federal Health IT Budget Increases by 28 Percent: Encryption, Mobile Security & EHR Safety
The proposed federal fiscal 2014 budget calls for a 28 percent increase to support further development of health IT initiatives while taking over where HITECH funding stops (ending in fiscal year 2013). The Office for Civil Rights’ (ONC) funding will …
2013 State of HIPAA Encryption & Authentication for Healthcare
According to the Healthcare Information Security Today report, 2013 Outlook: Survey Offers Update on Safeguarding Patient Information, most healthcare organizations believe that encryption would greatly improve their data security. Forty-one percent plan to encrypt all mobile devices and removable media, …
Encrypting Data to Meet HIPAA Compliance
To address the question of whether or not to use data encryption when it comes to meeting HIPAA compliance and keeping patient health information (PHI) protected, let’s revisit the Health Insurance Portability and Accountability Act of 1996 (HIPAA): …