Topic: Impact of Security Culture on Security Compliance in Healthcare in the USA: Results from a National Study
Abstract: This presentation shares results from a national study of CIOs and CISOs in US healthcare to point out the importance of a balanced information assurance strategy composed of technology, policy, and people. The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996 with security and privacy requirements. Administrative safeguards of HIPAA require policies and management of people. Information assurance requires three controls: technology, policy, and people. The National Institute of Standards and Technology (NIST) Document 800-66, which provides guidance for HIPAA, does not address people controls and does not map well to an accepted information assurance model. Data on breaches in healthcare show 80-90% of breaches are caused by insiders. This study shows that people management within the organization continues to be important for an enterprise security strategy.
Speaker: Dr. Mansur Hasib, CISSP, PMP, CPHIMS
Dr. Mansur Hasib conducted a national study of information security compliance in healthcare and published the results in a book titled Impact of Security Culture on Security Compliance in Healthcare in the United States of America. An inter-disciplinary information assurance strategist, Dr. Hasib has over 25 years of experience managing information technology, including 12 years as Chief Information Officer in healthcare, biotechnology and education. One of his current assignments includes developing the information assurance governance strategy for the Maryland Health Benefit Exchange. As an adjunct, Dr. Hasib teaches Enterprise Security Governance: Building the Human Firewall for the CIO Institute at Heinz College, Carnegie Mellon University and writes regularly for www.internetevolution.com.
Dr. Hasib earned his Doctor of Science in Information Assurance from Capitol College. He also has a Bachelor's degree in Economics from Brandeis University, and a Master's degree in Political Science from Emory University. His industry certifications include CISSP, PMP and CPHIMS. An avid traveler, Dr. Hasib has been to all 50 states of the United States and loves music, comedy and table tennis.