HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
Bruce James is the director of cybersecurity architecture at Intermountain Healthcare. Bruce started his career at eXegeSys, Inc in 2002 as a programmer, working his way to lead engineer. He began his foray into cybersecurity at InterComputer Corporation in 2005 where he served as the chief information security officer from 2007 to 2008, before arriving at Intermountain Healthcare where he's been since in several cybersecurity roles, assuming his current position in 2015.
James earned his bachelor of science from the University of Utah and master of science in information and security assurance.
In this highly interactive session, our panelists will first discuss their worse security nightmares and what they are doing to keep them from becoming reality. Whether it’s responding to ransomware, prioritizing IoT threats, ferreting out malicious insiders before they do harm, or dealing with myriad other threats, our speakers will give attendees actionable in-the-trenches information on how to mitigate some of today’s scariest scenarios.
We’ll then turn the session over to attendees. This is your chance to ask questions specific to your organization or broader industry questions you’d like the panel and other attendees to address.
The HIPAA Security Rule requires health care organizations to perform a risk analysis, and the final guidance from the OCR specifies that the scope of the risk analysis must include e-PHI in all forms of electronic media.
To include all your e-PHI, you’ve got to know where it lives, and to know that you’ve got to map it.
This requirement to map your data is more than just a compliance issue. It makes good sense for risk management. Once you’ve mapped the data and know where the most valuable data resides and which systems process the most data, you can develop a strategy that prioritizes risk and ties the data to the most appropriate security controls
In this session, learn how Intermountain Healthcare performs ongoing risk analysis, collects and processes risk information, and uses a data dictionary to prioritize risk mitigation efforts.