Experts Cite Medical Devices, Patient Portals Among Emerging HIPAA-HITECH Security Threats

Industry Leaders Call for Rigorous, Comprehensive Approach to Risk Analysis During Clearwater Compliance Interactive Blue Ribbon Panel Web Event

Among the emerging information security threats facing healthcare organizations are technology concerns such as medical devices and patient portals, according to a panel of leading HIPAA-HITECH experts convened last week by Clearwater Compliance.

During Clearwater’s first monthly HIPAA-HITECH Blue Ribbon Panel™ , which focused on Risk Analysis DOs and DON’Ts, leaders discussed the critical role of comprehensively identifying organizational risk in the face of a rapidly changing and challenging environment. The panel also underscored the importance of investing in thorough risk analysis efforts, based on expectations from the Office for Civil Rights.

“It’s pretty clear that risk analysis is a priority,” said panelist Adam Greene, a partner with Davis Wright Tremaine and co-chair of its Health Information Group. “In any interaction with OCR, you can count on questions related to risk analysis coming up early and often.”

The panel acknowledged risk analysis is a significant body of work. To avoid getting overwhelmed, several panelists urged organizations not to lose sight of the real goal.

“Your focus should be on reducing risk, not meeting a compliance checklist,” said Feisal Nanji, executive director of Techumen.

While interacting with participants live, the Blue Ribbon Panel experts shared their experiences and provided a foundational understanding of what constitutes a bona-fide risk analysis. They also presented helpful tools to get started.

This month’s panel of experts included:

  • Bob Chaput, CISSP, CIPP-US

Chaput is Founder & CEO of Clearwater Compliance.

  • Adam Greene

Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group.

  • Kamal Govindaswamy, CISSP, CISA, CIPP, ABCP

Govindaswamy is a HIPAA-HITECH Security & Privacy Advisor consultant and President of RisknCompliance Consulting Group LLC.

  • Feisal Nanji

Nanji is Executive Director of Techumen, an information security firm focusing exclusively on securing health care information.

  • Frank Ruelas, MBA

Ruelas is the Compliance Officer, Privacy Officer, and Security Officer for Gila River Health Care.

  • Rick Kam, CIPP

Kam is the founder and president of ID Experts as well as an expert in privacy and information security.

Among the topics covered by panelists were the following:

  • Creating a compelling business case to senior leadership to justify the needed resources for a thorough risk analysis
  • Best practices for frequency and approach to risk analysis
  • How to effective assess compliance efforts of Business Associates
  • Business Associate status of cloud service providers
  • Emerging technology risks, including medical devices and patient portals

“Risk analysis was the perfect topic to kick off our Blue Ribbon Panel series,” said Bob Chaput, CEO and founder of Clearwater Compliance. “Participants were able to get personalized guidance and insight from the brightest minds in the industry on a basic necessity for compliance. This format creates a powerful learning opportunity for attendees.”

Interested organizations can download a full recording of the Blue Ribbon Panel and sign up for next month’s Live Blue Ribbon Panel web event by clicking here.

Next up for the Blue Ribbon Panel is a discussion on Omnibus Implications for Business Associates. The web event is scheduled for Thursday, March 27, 2014  3:30 pm – 5:00 pm CDT.

About the HIPAA-HITECH Blue Ribbon Panel

The Blue Ribbon Panel convenes monthly for 90-minute interactive sessions to discuss relevant news, updates and evolving compliance ramifications via an ongoing series of live web events. Each session features 5-6 national experts who share insight and exchange ideas while fielding questions from attendees.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.