PRESS RELEASE
Contact: John Schelewitz
Phone: 1.480.663.3225
E-mail: John.Schelwitz@ecfirst.com
Website: www.ecfirst.com

NEWPORT BEACH CA USA -- HIT/HIPAA UPDATE NEWS SERVICE™ -- JANUARY 8, 2010: In this ecfirst Webcast, step through best practices for incident response for management of data breaches, including critical steps such as preparation, detection, analysis, containment, eradication and recovery. Understand how to address post incident activity including implementing your incident response policy. The HITECH Act, the HIPAA Security Rule, State regulations, PCI DSS, FACTA and other mandates are resulting in covered entities and business associates to clearly identify the type of Personally Identifiable Information (PII) the organization comes into contact with. Further, organizations need to establish that "reasonable and appropriate" steps have been implemented to manage all such sensitive and confidential patient or client data.  

Join ecfirst for a fast paced, interactive Webcast to step through best practices for securing not just PHI, EPHI, or cardholder data, but all PII. Your speakers include cyber security and compliance expert Ali Pabrai and Joe Granneman, Chief Technology Officer and Chief Security Officer of the Rockford Health System.

FREE KINDLE DRAWING FOR WEBCAST ATTENDEES

At the conclusion of the Webcast, ecfirst will announce the winner of a drawing for a free Kindle from Amazon.com (only those who register and attend the complete event are eligible).

The HITECH Act requires healthcare providers, payers, clearinghouses and business associates to report breaches, not only to patients, but also to the U.S. Department of Health and Human Services (HHS) and the media, based on the number of individuals impacted by the breach.

BUSINESS ASSOCIATES MUST ADDRESS INCIDENT & BREACH MANAGEMENT

The HITECH Act introduces specific requirements for business associates to report breaches by a covered entity. Business associates that violate the HIPAA Security Standards or the required terms of their business associate contracts are essentially subject to the same civil and criminal penalties as covered entities. State mandates – California, Massachusetts and others – require personal information to be protected with reasonable precautions. The penalties and consequences for non-compliance have never been greater. States like California are enforcing mandates. Is your organization in compliance with State mandates? Learn how to prepare to address requirements to protect PII.

WHAT WILL YOU LEARN?

1. Examine key components for an incident response plan for breaches of PII, not just PHI or EPHI
2. Identify who needs to be informed and what are the key processes and capabilities you need to enable your organization to address federal and state data breach requirements
3. Understand the concept of “unsecured PHI” and its impact on your policies and processes for data breach management
4. Understand how to prepare for an audit by organizations such as the OCR, CMS, OIG or the FTC
5. Step through best practices for security controls vital for incident detection and management

To learn more about the data breach notification requirement and the critical steps your organization must take to address this mandate, join cyber security and compliance experts, Ali Pabrai and Joe Granneman from Rockford Health System, for the first of its type 60-minute webcast on January 14, 2010.

INTENDED AUDIENCE

• Chief Information Security Officer (CISO or ISO)
• Chief Information Officer (CIO)
• Chief Technology Officer (CTO)
• Director of Information Technology
• Compliance Officer
• Security Analyst
• IT and Security Professionals

SPEAKERS

Ali Pabrai, CISSP (ISSAP, ISSMP), CSCS
Cyber Security & Compliance Expert
ecfirst, Chief Executive
Ali Pabrai, chief executive of ecfirst, an Inc. 500 business (2004), is a highly sought after cyber security and compliance expert. Mr. Pabrai has successfully delivered tailored security solutions to hundreds of organizations worldwide. He is also the author of the forthcoming book, Precision Security and recently launched the Certified Security Compliance SpecialistTM (CSCSTM) program that addresses key compliance and security regulations, including PCI DSS, ISO 27001/27002, HIPAA, FISMA and others. Mr. Pabrai established the healthcare industry’s gold standard program on HIPAA certification with the HIPAA AcademyTM.

Mr. Pabrai is a featured speaker and has presented opening keynote and other sessions at several conferences worldwide, including Middle East Healthcare Congress, Microsoft HUG (HIMSS), HIMSS Midwest, Internet World, Comdex, NetSecure, and Information Systems Security Associations (ISSA) Conferences. He is also a member of the U.S. FBI InfraGard.

Joseph Granneman, CISSP, CSCS
Rockford Health System, CTO & CSO
Joseph Granneman is the CTO and CSO for Rockford Health System in Rockford, Illinois. Rockford Health System is the largest health system serving northern Illinois and southern Wisconsin and is one of 11 health systems in the country that was on the Hospitals & Health Networks 100 Most Wired list for 7 years. He has over two decades of experience in information technology. He is an acknowledged authority on healthcare information technology and security. He has authored many articles for CSO/CIO magazine, SC magazine, and Advance for Health Information Executives. He has also been interviewed by InfoWorld, Enterprise Systems, and Network World on various information technology and information security topics. He has spoken around the country on topics involving implementing and securing healthcare information technology.

He was active in the first Health Information Security and Privacy Security (HISPC) working group and is currently working on the CCHIT Security working group which is developing security standards for certification of electronic medical records.

REGISTRATION INFORMATION

ecfirst BRINGS DEEP EXPERIENCE & EXPERTISE WITH HITECH, HIPAA & U.S. STATE REGULATIONS
ecfirst, home of the HIPAA Academy, is the gold standard for HIPAA and the HITECH Act with its comprehensive array of services that include policy templates, quick reference cards, training, certification and consulting. The ecfirst deep consulting expertise is embodied in its signature methodology, BizShieldTM - that enables organizations to comply with HIPAA and HITECH Act mandates. The ecfirst BizShieldTM methodology specifically includes the following core components:

• A 2-day in-depth certification program, Certified HIPAA Professional (CHP) that addresses HIPAA Privacy, HIPAA Security, the HITECH Act and a lot more
• A 2-day in-depth certification program, Certified Security Compliance SpecialistTM (CSCSTM) that addresses ISO 27000, PCI DSS, HIPAA, HITECH, FISMA and a lot more
• HIPAA/HITECH Security Policy Templates that can easily be tailored to enable your organization establish a comprehensive library of policies that meet compliance mandates
• The industry’s first ISO 27002/HIPAA Security Rule Mapping Framework document
  Managed Compliance Services Program (MCSP) for HIPAA/HITECH that enables your organization to leverage deep ecfirst HIPAA/HITECH expertise and yet pay a fixed monthly fee for a 36-month period and access a range of compliance services

CONTACT ecfirst - THE GOLD STANDARD FOR HITECH AND HIPAA
To bring this presentation to your site, or to tailor a webcast for your organization, please contact John Schelewitz at 1.480.663.3225 or at John.Schelewitz@ecfirst.com. To learn more about ecfirst services, please visit www.ecfirst.com.