Security Lessons Learned from HIPAA Enforcement

The federal and state governments have investigated thousands of health care privacy and security cases, received tens of thousands of healthcare breach reports, audited dozens of health care entities, and entered into a few high-profile financial settlements. These enforcement efforts offer a wealth of knowledge on the threats facing the health care industry, the privacy and security issues that represent the largest legal risks, and how improvements can be made. This presentation will analyze past enforcement trends and offer analysis and lessons about ways health care providers and plans can improve the privacy and security of some of our most sensitive information.

Adam Greene is a partner in the Washington, D.C., office of Davis Wright Tremaine, where he primarily counsels health care providers and technology companies on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies, and he was instrumental in the development of the current HIPAA enforcement process. Adam is the Chair of the HIMSS Cloud Security Workgroup and a member of the AHIMA Emerging Issues Practice Council.