How ISO/IEC 27001 can help achieve HIPAA Compliance or Manager Primer for Ensuring Information Security and Privacy of EHRs

The government enforced healthcare mandates continuously intersect with organizational formations to ensure appropriate goods or services delivered. Signed into law in 1996 by former United States President William J. Clinton, the overall purpose of the Health Information Portability and Accountability Act (HIPAA) includes improving health insurance coverage, simplifying healthcare administration, reducing the occurrences of fraudulent misuse, waste, and abuse of information. Moreover, HIPAA addressed facilitating smooth access to health saving accounts and long-term care services. Although HIPAA does not mandate certification, ISO/IEC 27001 is a powerful way to demonstrate appropriate information security and privacy with necessary accountability and compliance.

Using an information security management system (ISMS) configuration can assist organizations, no matter the size, sector, or regulatory environment; in taking a systematic risk-based approach to managing and securing sensitive company data. By implementing ISO/IEC 27001, your organization is deploying an ISMS that enables support by top leadership, organizational culture and strategy integration, with constant monitoring, updating, and review capabilities. Additionally, your organization will be able to ensure that the ISMS adapts to changes in both in the external and internal healthcare environment as well as identify and reduce risks through using a process of continual improvement.

• An overview of HIPAA
• How an ISO/IEC 27001-aligned ISMS can support HIPAA compliance
• The primary risks associated with data breaches and critical actions in the event of a data breach
• The technical and organizational requirements to achieve HIPAA compliance
• The benefits of implementing an ISMS
• Practical advice on how to improve your ISMS deployment congruent with HIPAA requirements

• The purpose of HIPAA
• Consequences of data breaches
• The reach of HIPAA
• How ISO/IEC 27001 can help with HIPAA compliance
• How to map ISO/IEC 27001 to HIPAA requirements
• ISO/IEC 27001 implementation considerations

Although many healthcare organizations understand the importance of instituting the right procedures to meet Health Insurance Portability and Accountability Act (HIPAA) requirements, not many are aware of the benefits of implementing ISO/IEC 27001 standards compliant with an ISMS deployment. The deployment of ISO/IEC 27001 permits achieving the technical and operational requirements necessary to assist in preventing a data breach under HIPAA. In this webinar, information systems management expert Dr. Robert E. Davis, CISA, CICA will walk you through how to implement an effective ISMS configuration that can help you towards compliance with HIPAA regulations.

• Chief Information Security Officers
• Information Security Directors
• Data governance and management professionals
• Staff attorneys
• Privacy and compliance professionals
• Human resources professionals
• Risk management professionals and auditors tasked with compliance and risk transfer
• Data Protection Officers
• Chief Information Officers/Chief Technology Officers
• Internal Audit Managers and staff
• Information Technology Security Officers 
• Information Technology and Data Consultants, as well as project managers involved in data protection, information security, or cybersecurity issues.

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.