Sheraton Boston Hotel
September 11-13, 2017 | Boston, 2018 x2, MA

To Prioritize and Manage Risk: Map Your Data

September 12, 2017
2:40pm - 3:10pm
Grand Ballroom

The HIPAA Security Rule requires health care organizations to perform a risk analysis, and the final guidance from the OCR specifies that the scope of the risk analysis must include e-PHI in all forms of electronic media.

To include all your e-PHI, you’ve got to know where it lives, and to know that you’ve got to map it.

This requirement to map your data is more than just a compliance issue. It makes good sense for risk management. Once you’ve mapped the data and know where the most valuable data resides and which systems process the most data, you can develop a strategy that prioritizes risk and ties the data to the most appropriate security controls

In this session, learn how Intermountain Healthcare performs ongoing risk analysis, collects and processes risk information, and uses a data dictionary to prioritize risk mitigation efforts.



Director of Security Architecture and Engineering
Intermountain Healthcare

Learn more about the 2020 Event


Subscribe for updates