PHI Protection Network Hosts Industry Experts to Advise Healthcare Organizations and Business Associates About Best First Steps Toward Patient Data Privacy and Security

Share Article

Experts Prioritize Comprehensive Risk Analysis to Inform Risk Mitigation Decisions and Laptop Encryption

News Image
Organized crime has figured out the going rate for a full health record is approximately $1,300 per record. That’s a powerful incentive for malicious action.

The PHI Protection Network (PPN) and Clearwater Compliance, conference host and co-sponsor, respectively, of the recent PPN Conference, report advice given by leading healthcare privacy and security specialists encouraged particular emphasis on risk analysis and encryption. At the PPN Conference, held last week in Anaheim, California an intimate number of attendees worked with industry experts to brainstorm practical application of recommendations to common security issues.

At a high level, panelists highlighted the top three key threats to healthcare data security in 2014: mobile devices, cloud computing and healthcare data transmission. Individual speakers drilled down into more detail about recommended first steps.

Keynote speaker Joanne McNabb, Director of Privacy Education and Policy for the California Department of Justice Office of the Attorney General, made a strong case for laptop encryption as a first course of action.

“Many of the health care breaches reported to the California Attorney General’s Office are of a type that could be prevented by the strategic use of strong encryption,” said McNabb.

Also a keynote speaker, Larry Clinton, President and Chief Executive Officer of the Internet Security Alliance (ISA), suggested the frequent assumption that the primary threat to data security comes from individual hackers is simply misinformed.

“Organized crime has figured out the going rate for a full health record is approximately $1,300 per record,” Clinton reported. “That’s a powerful incentive for malicious action.”

Bob Chaput, Founder and CEO of Clearwater Compliance, a national HIPAA compliance leader, noted that an organization cannot effectively prioritize tasks for risk mitigation until they evaluate the lay of the land.

“There is no substitute for starting with a comprehensive Risk Analysis which addresses the explicit factors laid out in the HITECH Act,” Chaput emphasized.

One of the fundamental differentiators of the PPN conference is that it is hosted, sponsored and delivered by the industry experts – not by an association or specific vendor.

“The PPN conference provided an exceptional opportunity for healthcare security and privacy leaders to interact with national experts in a small group breakout environment,” said Rick Kam, chair of the PPN organization. “There is virtually no opportunity at most national privacy and security conferences to get this level of interaction with industry thought leaders to discuss solutions to the challenges unique to an attendee’s specific organization.”

Keynote Speakers at this year’s conference included:

  •     Joanne McNabb, Director of Privacy Education and Policy for the Office of the Attorney General in California Department of Justice
  •     Larry Clinton, President and Chief Executive Officer of the Internet Security Alliance (ISA)

Other speakers included:

  •     Bob Chaput, founder and CEO of Clearwater Compliance
  •     Becky Williams, Partner and Chair of Information Technology and HIPAA Practice at Davis Wright Tremaine LLP
  •     Mahmood Sher-Jan, VP & General Manager of RADAR Business Unit of ID Experts
  •     James Christiansen, Information Risk Management at Accuvant
  •     Dr. Cris V. Ewell, CIO at Seattle Children’s Hospital, Research and Foundation
  •     David Finn, CIO,Symantec
  •     Tom August, Director of Information Security at Sharpe HealthCare.

The full day session qualified for education credits from HCCA, IAPP, (ISC)2 and AHIMA.

About PPN

PHI Protection Network (PPN) is an interactive network of PHI protectors and solution providers. This cross-industry group formed to help expedite adoption of PHI best practices. Many PPN members contributed to the report The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, calling for enhanced security to safeguard protected health information. This report was issued in March, 2012 with the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP) and in partnership with The Shared Assessments Program and the Internet Security Alliance (ISA).

About Clearwater Compliance

Clearwater Compliance, LLC, focuses on helping healthcare organizations and their service providers become and remain HIPAA-HITECH Compliant. Owned and operated by veteran, C-suite health care executives, Clearwater Compliance provides comprehensive, by-the-regs HIPAA software and tools, risk management solutions, training, and professional services for small medical practices and healthcare startups to major healthcare systems, health plans and Fortune 100 companies. Since 2003, the company has served more than 350 organizations. Find out more about our HIPAA compliance software, solutions and consulting services at or connect via Twitter: @ClearwaterHIPAA.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Elaine Axum
Clearwater Compliance LLC
+1 (615) 538-2139
Email >
since: 03/2009
Follow >
About Hipaa
since: 03/2011
Like >
Clearwater Compliance LLC

Follow us on
Visit website