Sheraton Boston Hotel
September 11-13, 2017 | Boston, MA

"Holistic" Security Framework Supports Business and Clinical Goals

September 11, 2017
1:30pm - 2:00pm
Grand Ballroom

The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided.

This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address cybersecurity risk as well as other health care business and clinical risks – in effect, using the Framework for all risk management analyses and mitigation strategies, in advance of the unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.


  • The seminar will show how to use a typical cybersecurity risk analysis to address privacy and other healthcare risks in the enterprise
  • The seminar will re-focus on people and processes to address cybersecurity risks within the healthcare enterprise typically dealt with by technology spending
  • The seminar will help attendees re-orient their thinking about healthcare enterprise risk management using the Framework


Herrin Health Law
