Press Release: Preparing for California's Mandatory Security Regulatory Requirements

  • California Establishes Significant Penalties for Violations with New Breach Legislation
  • ecfirst Presents Unique 90-minute Briefing on New California Security Regulations

PRESS RELEASE
Contact: John Schelewitz
Phone: 1.480.663.3225
E-mail: John.Schelewitz@ecfirst.com
Website: www.ecfirst.com

NEWPORT BEACH CA USA -- HIT/HIPAA UPDATE NEWS SERVICE™ -- FEBRUARY 11, 2009: California is the most proactive state in the country with regard to safeguarding personal and health information. California has enacted legislation forcing organizations to notify all residents of California of a security breach within a specified time period. Further, a newly created California Office of Health Information Integrity must be informed within 5 days of discovery. The new breach notification laws took effect January 1, 2009.

WHAT IS DRIVING CALIFORNIA'S SECURITY REGULATIONS?
Several factors are driving the need for organizations to examine their security safeguards and establish more resilient security measures.

  1. A serious intent to combat medical identity theft
  2. Highly publicized data security breaches of tens of thousands of patient records and well-known VIPs

Enhanced penalties have been established for violations and a notification timeline has been established - so timely detection is critical. California has expanded its security breach notification law and introduced additional requirements in the area of information security.

ecfirst has introduced an exclusive briefing in several cities across California to examine key California regulations in the area of information security that impact all organizations that process personal information about a California resident. No other forum is bringing together all of the California requirements and digesting critical requirements for your California-based organization. ecfirst has assembled all of the need-to-know data points for you and is presenting them in this exclusive brief!

In this unique 90-minute session we closely examine the mandatory requirements of several California security regulations including SB 1386, AB 1950, AB 1298, AB 211, SB 541 and others. New regulations not only include "personal information," but also "medical information" and "health insurance information." Together we will step through frameworks that may be applied to enable your organization to comply with numerous California requirements for protecting personal information. A question and answer session will follow the presentation.

WHO SHOULD ATTEND THESE SESSIONS?
All organizations/businesses that collect, store, and/or process personal, health or insurance information of California residents are affected by these regulations! All levels of healthcare executives and administrators making strategic decisions on information technology, security, finance and operations should attend this session.

WHAT QUESTIONS SHOULD I BE ASKING ABOUT INFORMATION SECURITY?

  • What personal information does my organization process?
  • What personal information is my organization transmitting?
  • What are all the regulations that impact the personal information my organization comes into contact with?
  • Has my organization recently completed a thorough assessment of the computing environment to identify compliance gaps and security vulnerabilities?
  • Are controls deployed to detect data breaches and incidents on a near real-time basis?
  • Will I even know if there's been a breach at my organization?
  • What are my incident response and incident management procedures?

WHAT WILL I LEARN?

  • Review California's requirements for SB 1386, AB 1950, AB 1298, AB 211, and SB 241
  • Understand other State regulations including Massachusetts' 201 CMR 17.00 and Nevada's statute for encrypting customer personal information in transmission
  • Evaluate what other organizations are doing and review emerging best practices to address State requirements
  • Examine definitions of "personal information", "encryption" and other key terminology in State regulations
  • Evaluate frameworks, standards and guidance documents from the NIST, ISO and other organizations to address State security requirements

Testimonials
"This was a great session given by a very knowledgeable individual. It has opened my eyes to how vulnerable an organization may be. I will review this information with our CIO for further discussion and hope to be calling ecfirst to perform an audit."
Tammy Deras, Applications Manager
Desert Valley Hospital

"One of the best one-hour presentations I have ever witnessed. ecfirst people are true professionals, extremely knowledgeable and passionate about compliance and training."
Michael Boanta, CEO
Boanta & Associates - Consultant for PrivateAccess.info

SPEAKER

Ali Pabrai, CISSP (ISSAP, ISSMP), CSCS Cyber Security & Compliance Expert
Ali Pabrai, chief executive of ecfirst, an Inc. 500 business, is a highly sought-after cyber security and compliance expert. Mr. Pabrai has successfully delivered tailored security solutions to hundreds of organizations across the United States. He is also the author of the executive brief "Cyber Security Strategy" and recently launched the Certified Security Compliance Specialist™ (CSCS™) program that addresses key compliance and security regulations, including PCI DSS, ISO 27001/27002/27799, HIPAA, FISMA and others. Mr. Pabrai established the healthcare industry's gold standard program on HIPAA certification with the creation of the HIPAA Academy™.

Mr. Pabrai is a notable speaker and has presented keynote and other sessions at several conferences worldwide, including Internet World, Comdex, Microsoft HUG Tech Forum, HIMSS Midwest, NetSecure, and Information Systems Security Associations (ISSA) Conferences. He is also a member of the U.S. FBI InfraGard.

LOCATIONS
11:30 am - 1:00 pm in all locations

March 17, 2009 San Diego, CA
March 18, 2009 Los Angeles, CA
March 19, 2009 San Jose, CA
March 20, 2009 Sacramento, CA

REGISTRATION FEE
$95. Includes meal and executive brief hand-outs.

ABOUT ECFIRST AND THE HIPAA ACADEMY
ecfirst, an Inc. 500 business, has served over 1400 clients all across the United States in the areas of compliance, security and professional services. ecfirst delivers deep expertise with its full suite of services that include Compliance Auditing, Contingency Planning & Business Impact Analysis (BIA), Vulnerability Assessments, our industry-unique Managed Compliance Program, Single Sign-On analysis and implementation, IT Project Management, and general security and IT infrastructure solutions. The HIPAA Academy, the gold standard for HIPAA consulting, training and certification, introduced the industry's first Managed Compliance Services Program for HIPAA - a 36-month, budget-friendly, fixed-price offering to achieve and maintain complete HIPAA Security compliance.
The HIPAA Academy is a division of ecfirst. More details are available at www.ecfirst.com or at www.HIPAAAcademy.Net.

CONTACT US
Contact John Schelewitz at 1.480.663.3225 or at John.Schelewitz@ecfirst.com for more information on ecfirst or the HIPAA Academy or to bring Ali Pabrai to your site.
