Thora Johnson will present "Cutting Through the Noise: Determining Whether your Vendor’s Security Incident is a Breach" at the 28th National HIPAA Summit on March 5, 2019. Other panelists will include Mark Fox, compliance and privacy officer for American College of Cardiology, and David Holtzman, executive advisor for CynergisTek, Inc. The panel will focus on analyzing vendors' security incident reports to determine if there is a reportable breach. The presentation will also address the questions below through the discussion of several scenarios, through a HIPAA lens and other health information privacy rules.
- Who is responsible for determining if there is a lurking reportable breach caused by your vendor’s security incident?
- Who should you involve at your healthcare organization? The roles your privacy, compliance, and security professionals, in-house counsel, and outside consultants and advisers should play. And when and if they should get involved.
- What questions need to be asked to identify the root cause of the incident? How to determine the extent of information needed to assess the risk of data compromise. How to view the vendor’s own assessment critically.
- How to determine whether to terminate the vendor relationship. Whether terminated or salvaged, next steps with the vendor. Tips for managing vendor relationships to minimize future security incidents and breaches.
For details, please visit the event website here.