Course Description:

Regulators at the U.S. Department of Health and Human Services, Office for Civil Rights, describe HIPAA as the “floor” with respect to what is required of healthcare organizations to protect patient data and related information assets. In addition to HIPAA, healthcare organizations are subject to a host of other state and federal privacy and security laws. These include:

  • Payment Card Industry Data Security Standard (PCI DSS),
  • Clinical Laboratory Improvement Amendments (CLIA),
  • Patient Safety and Quality Improvement Act (PSQIA),
  • Children’s Online Privacy Protection Rule (COPPA),
  • Fair and Accurate Transaction Act (FACTA),
  • Food and Drug Administration (FDA) rules,
  • Health Information Technology for Economic and Clinical Health (HITECH) Act,
  • Laws that govern electronic media and protect information assets.

Various state laws that address breach notification, protection of personal information, encryption, and medical records also affect a healthcare organization’s privacy and information security programs. As the use of electronic media in healthcare organizations increases, so too will the laws that govern its use. Increasing demand and the expectations of clinicians, patients, and researchers to control individual health information while meeting the challenges of improving the health of individuals and populations will require new and innovative approaches to protecting privacy.

This one-and-a-half-day seminar on state and federal privacy and security laws for healthcare organizations will:

  • Discuss how HIPAA myths and misconceptions have negatively affected privacy and information security programs.
  • Explain why the emphasis on HIPAA may be preventing you from evolving your programs to meet patient and provider expectations in the era of electronic records and new directions in population health.
  • Provide an overview of other laws affecting healthcare organizations.
  • Describe how to select and implement privacy and security frameworks that will enable you to evolve your programs from a regulatory perspective to a cultural norm.
  • Introduce risk analysis and risk management methods, strategies, and key principles of risk mitigation to help you develop an effective and efficient risk process tailored to the uniqueness of your organization.
  • Discuss privacy and information security governance processes, the foundation for effective and robust programs, and explore case studies on how to evaluate governance.
  • Present a comprehensive methodology for evaluating your privacy and information security programs, including tools you can use to evaluate your programs.
  • Discuss the future roles of privacy and information security professionals in healthcare including new requirements and job skills needed to lead and manage programs.

Learning Objectives:

Upon completing this course on healthcare compliance, participants will:

  • Understand how HIPAA represents the “floor” of privacy and information security programs and how to change this perspective in their organization.
  • Understand how other federal and state privacy and security laws affect healthcare.
  • Describe the primary functions and uses of the Notice of Privacy Practices and why this document is the primary foundation for their privacy and information security program.
  • Investigate various privacy and security program frameworks and determine which frameworks will work best in their organization and how to implement them.
  • Learn risk analysis methods and tools and how to develop a risk profile for their organization.
  • Perform risk assessments more effectively and develop methods to monitor risk on an ongoing basis.
  • Develop effective and measurable risk mitigation plans for their organization.
  • Understand the paradigm shift that will change privacy and information security programs from a regulatory perspective to becoming a cultural norm.
  • Understand why privacy and information security governance is critical to developing and maintaining effective, robust, and sustainable programs.
  • Develop methods for evaluating governance processes.
  • Learn the components of effective privacy and information security programs and how to evaluate programs.
  • Understand new concepts in data governance and what this means for the future of programs and privacy and information security professionals.
  • Understand the future roles of privacy and security officers, including new skills needed, how responsibilities will change, and new opportunities.

Who Will Benefit:

This course is designed for privacy and information security professionals in healthcare or professionals in other fields who aspire to become officers in healthcare organizations. It will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers or IT companies serving hospitals. Senior leaders and trustees will benefit by learning why privacy and information security programs are changing and the essential roles they can play in this transformation. The following personnel will benefit from the course:

  • Trustees and Directors of Healthcare Organizations
  • Clinical Trial Analyst
  • Senior Leaders and Managers in Healthcare
  • Privacy Officers
  • Information Security Officers
  • Clinical Data Management Personnel
  • Record Management Professionals
  • Quality Professionals
  • Safety Officers
  • Compliance Professionals
  • Health Information Management Professionals
  • Chief Information Officers and Information Technology Professionals
  • Informatics Officers
  • Biomedical Engineers
  • Legal Affairs
  • Internal Auditors
  • Risk Managers

Course Outline:

Day One (8:30 AM – 4:30 PM)
Day Two (8:30 AM – 12:00 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

  1. Introduction to Privacy and Information Security in Healthcare
    1. The HIPAA rules
    2. Notice of Privacy Practices: contractual relationships with patients and the community
    3. HIPAA myths and misconceptions
    4. Laws and trends affecting privacy and information security in healthcare
  2. Privacy and Information Security Frameworks and Models
    1. Overview of privacy frameworks: Privacy by Design
    2. Overview of information security frameworks
    3. Selection and implementation of frameworks: success factors and key considerations
    4. Risk analysis and risk mitigation: foundation and key principles
  3. Evolution of Privacy and Information Security: From Regulation to Culture
    1. The Quality/Safety/Privacy/Security Paradigm
    2. Mission and Culture: moving privacy and information security from regulatory perspective to cultural norm
    3. Paradigm Shift: information/data governance and optimization
    4. Future roles, responsibilities, and skills for privacy and information security professionals
  4. Risk Analysis and Risk Management
    1. Important definitions and concepts
    2. Privacy, information security, and organizational risk
    3. Developing a risk profile
    4. Risk management strategies and methods

  1. Privacy and Information Security Governance
    1. Responsibilities: board, senior leaders, managers, workforce members
    2. A privacy and information security governance model
    3. Evaluating governance processes
    4. Best practices: Strengthening governance and meeting new challenges
  2. Evaluating Privacy and Information Security Programs
    1. Components of effective privacy and information security programs
    2. Evaluation methodologies, tools and examples
    3. Case study: evaluating programs and developing work plans

Meet Your Instructor

Phyllis Patrick,
Information Security, Privacy & Compliance Professional, Founder and President at Phyllis A. Patrick & Associates LLC.

Phyllis Patrick is Founder and President of Phyllis A. Patrick & Associates LLC, a consulting group specializing in providing strategic planning, security, and privacy services to the health care industry. The company’s practical approach to security and privacy is reflected in its diversity of clients, which include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.

In addition to serving as Vice President, Planning and as Administrator for laboratory services for a health system in California, Ms. Patrick has held senior positions in security, privacy, and compliance at major academic medical centers in New York. She was named the first Information Security Officer at the Mount Sinai Medical Center in Manhattan. As Vice President and Chief Compliance Officer at the Hospital for Special Surgery, she created and directed the organization’s Compliance Program, which included the Privacy and Security Programs.

As a consultant to Strategies for Tomorrow, a company known for its expertise in Health Information Exchange (HIE) development, Ms. Patrick has led Privacy and Security initiatives for HealtHIE Nevada, Indiana Health Information Technology, Inc. (IHIT), and HealthBridge.

Ms. Patrick is a member of the Privacy and Security Work Group for the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) and a Board member of the New England Healthcare Internal Auditors (NEHIA). A long-time member of the Greater New York Hospital Association (GNYHA), she was a founding member of GNYHA’s Security Work Group and a contributing member of the Compliance Work Group.

A member of the Editorial Advisory Board for HCPro’s Briefings on HIPAA, Ms. Patrick is also a member of the GRC Advisory Board for Wolters Kluwer Law & Business. In 2013 she was appointed to the Ponemon Institute’s RIM Council, a select group of privacy, security and information management leaders from multinational corporations who are champions within their various industries on issues involving privacy and data protection. She served on the Board of Examiners for the Malcolm Baldrige National Quality Awards 2006 - 2009.

She is a frequent speaker at national and regional conferences and professional associations, including the HIPAA Summit, AMC Privacy and Security conferences, Health Care Financial Management Association (HFMA), the Association of Healthcare Internal Auditors (AHIA), and others. She is frequently quoted in healthcare publications. She is the author of The Complete Guide to Healthcare Privacy and Information Security Governance.

Ms. Patrick received her B.S. in Psychology from the Pennsylvania State University and her M.B.A. in Health Care Administration from Cornell University. She is a Fellow in the American College of Healthcare Executives and is certified in healthcare compliance and information security management.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at [email protected]

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Make your check payable to “MetricStream Inc” (our parent company) and mail the check to:

ComplianceOnline (MetricStream, Inc),
6201 America Center Drive Suite 240
San Jose, CA 95002

By Wire -

Register / Pay by Wire Transfer

Please contact us at +1-888-717-2436 to get details of wire transfer option.

Terms & Conditions to Register for the Seminar/Conference/Event

Your registration for the seminar is subject to the following terms and conditions. If you need any clarification before registering for this seminar, please call us at +1-888-717-2436 or email us at [email protected]

Payment is required 2 days before the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. (our parent company).

Cancellations and substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days before the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations; however, if you wish to register onsite, payment must be made immediately by credit card or by check submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. If it is not available, we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and documents to carry to the seminar venue:
After we receive the payment from the registered attendee, an electronic event pass will be sent to the email address associated with the registrant 5 working days before the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering for and attending a ComplianceOnline conference, you agree to have your photographs or videos taken at the conference venue and you do not have any objections to ComplianceOnline using these photos and videos for marketing, archiving or any other conference-related activities. You agree to release ComplianceOnline from any kind of claims arising out of copyright or privacy violations.

Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

The first European to set foot in California was the Spanish explorer Juan Rodriguez Cabrillo, who stepped on shore near this spot in 1542. He's the guy they made this statue to look like - and named the park after. We don't know if Cabrillo climbed all the way up to the top of this promontory or not, but people who make it up here nowadays get some of the best views of San Diego, looking across the Bay and back toward downtown.

Birch Aquarium is north of San Diego in La Jolla. It's not as big as some of the other aquariums in California or as flashy as the big sea-themed park down the road, but instead just right, filled with interesting exhibits and home to leafy sea dragons like the one above, creatures so improbable they look more like something from a children's book than from the ocean.

Legoland theme park takes its inspiration from Lego toys, those cute little bricks that snap together to build all kinds of fun things. It's one of several Legolands worldwide.

The San Diego Zoo's sister park offers a different kind of animal experience. Its name (Safari Park) is the clue and it indeed offers a more safari-like experience. Lots of large animals live in the same big, open areas here - predators kept away from prey, but otherwise much as they would in their natural habitat.

Coronado isn't really an island but a peninsula - a fact that doesn't get in the way of the name most people use for it. Whatever you call it, it's on a slender strip of land between the San Diego Bay and the Pacific Ocean, barely a few blocks wide. What it lacks in size it makes up for in fun, with a beach that's been named among the best in the country, a classic hotel and a compact, lively little downtown. Coronado's laid-back temperament makes a nice break from the busier parts of San Diego across the water.

Originally built for temporary use during the 1915-16 Panama-California Exposition in San Diego, Balboa Park boasts buildings beautiful enough to be considered attractions in themselves, especially if you're a photographer. They're surrounded by trees, lawns and fountains, but that's only the beginning.

In Spanish, La Jolla means "the jewel," an apt name for a pretty, Mediterranean-style seaside town - sitting on cliffs flanking the ocean.
La Jolla visitors like to shop and eat in the nice restaurants, some of them with lovely ocean views. There's a lot for the active visitor, too, including ocean kayaking, tide pool-hopping, surfing at Windansea Beach, biking or running along the waterfront.

Copyright © 2023 MetricStream