HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
Barry Herrin is one of very few attorneys in the United States who is both a Fellow of the American College of Healthcare Executives and a Fellow of the American Health Information Management Association, recognitions of his professional qualifications beyond the law. He also holds a Certificate in Healthcare Privacy and Security from the American Health Information Management Association, a credential shared by many professional healthcare information managers. He is also a certified barbecue judge.
Barry's practice is devoted primarily to health care and hospital law and policy, privacy law, and representation of tax-exempt healthcare organizations, with a particular emphasis on operational and governance issues, transactional matters, health information management and privacy issues, general compliance matters, and the establishment of physician-hospital collaboratives such as accountable care organizations, integrated delivery systems, joint-ventured insurance entities, and jointly owned ambulatory surgery centers. He has over 25 years of experience, the majority of that time having been devoted to serving health care providers, from single-physician practices to multi-provider systems. He has been ranked by Chambers and Partners as one of the leading individual attorneys in healthcare in Georgia since 2009.
The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided.
This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk and other health care business and clinical risks – in effect, applying the framework to all risk management analyses and mitigation strategies in advance of the unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.