William Miaoulis, CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare information security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years, and was also the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.
Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including recent sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications, including SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld, and Health Information Compliance Insider. Miaoulis has worked with AHIMA to produce the book “Preparing for a HIPAA Security Compliance Assessment” and has also worked on updating the AHIMA Security Practice Briefs.
This presentation will guide the user through the principles of Risk Analysis and Risk Management in order to prioritize risks. It will rely heavily on NIST 800-30 as revised and finalized on 09/18/2012.
In this presentation we will discuss the objectives of the HIPAA/HITECH Security Audit, how to accomplish this audit, how to report within the organization, the fines and penalties that could occur, what steps you can take to document your compliance, and the roles and responsibilities within your organization.
The process of risk analysis starts with the simple principle that you must know you have an asset in order to protect it. This session will focus on methods to identify, prioritize, evaluate and strengthen controls within systems. In this session we will review tools and processes that allow organizations to review these systems quickly but effectively.
Before creating effective security policies and procedures, it is important for organizations to understand the significant differences between these two terms. This presentation will explain why you need policies, the key steps to creating effective policies, whom to involve, and the characteristics of an effective policy.