Course Description:

Protected Health Information (PHI) mapping refers to identifying where PHI resides, how it is used and how it is protected. When PHI mapping technologies and techniques are used to detect where PHI resides, the organization can develop policies, priorities and strategies for protecting the information. PHI may change during the data life cycle. PHI mapping, if conducted appropriately and on a regular basis, will help to identify and implement effective compliance and risk mitigation strategies for managing risks associated with protecting PHI and data leakage.

This one and a half day workshop conference on PHI mapping will:

  • Explain PHI concepts and why PHI mapping is important for the organization’s security and privacy programs.
  • Explore the data life cycle of PHI and define the risks associated with each cycle.
  • Discuss key factors that are important in selecting and implementing PHI mapping strategies, from governance to developing program goals to vendor selection, metrics, program evaluation and ongoing enhancements.
  • Describe how to apply risk analysis and risk management techniques to PHI mapping.
  • Present PHI mapping methods and tools, including qualitative tools and quantitative tools, outsourcing PHI mapping, and related issues.
  • Explain how to develop and implement an effective and ongoing PHI mapping strategy.
  • Present processes for vendor selection, including what to include in a Request for Proposal (RFP) or Request for Information (RFI), and how to evaluate vendors for your organization.
  • Discuss how PHI mapping can be used for managing risks and facilitating compliance strategies.

Learning Objectives:

Upon completing this course on managing risk through PHI mapping participants will:

  • Understand the basic concepts associated with PHI mapping and the importance to the organization’s risk strategy.
  • Understand the data life cycle and why it is important for PHI mapping strategies.
  • Learn how data analytics are affecting healthcare organizations and why PHI mapping is more important than ever in protecting the organization’s information assets.
  • Be able to describe the benefits of PHI mapping for the organization’s mission and goals.
  • Be able to describe why and how PHI mapping is an integral part of the organization’s risk analysis and risk management processes.
  • Be able to describe the primary methods of PHI mapping, including quantitative and qualitative methods, technologies available to assist in the process, and other methods.
  • Learn how to identify and research PHI mapping technologies and methods.
  • Understand the key components of selecting and implementing effective strategies for PHI mapping in different types of organizations.
  • Learn how to determine the best PHI mapping approach for their organization based on mission, goals, threats and vulnerabilities, uses of PHI, and priorities.
  • Be able to develop a RFP/RFI for selecting a PHI mapping vendor and implementing an outsourcing arrangement.
  • Understand how to measure PHI mapping program results, including measurement techniques and development of program metrics.
  • Be able to describe how effective PHI mapping affects the organization’s security and privacy programs.

Who Will Benefit:

This course is designed for information security and privacy professionals in healthcare or professionals in other fields who aspire to become officers in healthcare organizations. Information technology professionals will benefit by learning why and how PHI mapping is critical to information security programs and how to measure and support effective programs. Business associates, vendors and contractors who work with healthcare organizations will learn what is important in protecting PHI assets in healthcare and how their organizations can best meet the needs of their clients for protecting patient information.

The following personnel will benefit from the course:

  • Information Security Officers
  • Privacy Officers
  • Information Technology Professionals
  • Chief Information Officers and Chief Technology Officers
  • Vendors and Contractors that Work with Healthcare Organizations
  • Safety Officers
  • Compliance Professionals
  • Health Information Management Professionals
  • Legal Affairs
  • Internal Auditors
  • Risk Managers
  • Companies that provide automated data loss detection and data loss prevention products and methods.

Course Outline:

Day One (8:30 AM – 4:30 PM) Day Two (8:30 AM – 12:00 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

Introduction to PHI Mapping and Why it is More Important than Ever

  • PHI as an asset to healthcare organizations
  • PHI concepts and definitions
  • The value of PHI in patient care, research, and education
  • PHI and data analytics: the new paradigm

Factors Affecting the Importance of PHI Mapping

  • Data analytics and big data in healthcare
  • How healthcare regulatory reforms are affecting information assets in healthcare
  • Implications of Health Information Exchange (HIE)
  • mHealth impacts and scenarios

Key Factors in Selecting and Implementing PHI Strategies (Part I)

  • Governance
  • Program planning, goals and objectives, and policies
  • Documentation policies, practices and procedures
  • Data identification and classification
  • Vendor selection for automated DLD/DLP tools and outsourcing scenarios

Key Factors in Selecting and Implementing PHI Strategies (Part II)

  • Implementation do’s and don’ts
  • Training and awareness strategies and approaches
  • Metrics: how to measure results
  • Program evaluation and ongoing enhancement
  • PHI mapping as the foundation for identifying and managing risk

PHI Mapping: Methods and Tools

  • The data life cycle of PHI
  • Where PHI resides and how to identify it
  • Why use tools? What they can do for you.
  • Overview of tools available for PHI mapping
  • Surveys and interviews: methods, techniques and strategies

PHI Approaches and Tools Selection

  • Automated and non-automated methods of identifying and classifying PHI
  • How to evaluate tools to find the best solution for your organization
  • Tool selection, implementation and management
  • mpact of PHI mapping on infrastructure and operations

PHI Mapping: A Model for Managing Risk and Facilitating Regulatory Compliance

  • Changing risk factors and regulatory considerations
  • PHI mapping as on ongoing program: evaluation, change and management
  • How to measure benefits of PHI mapping and the impact on information security and privacy programs.

Meet Your Instructor

Phyllis Patrick,
Information Security, Privacy & Compliance Professional, Founder and President at Phyllis A. Patrick & Associates LLC

Phyllis Patrick is Founder and President of Phyllis A. Patrick & Associates LLC, a consulting group specializing in providing strategic planning, security, and privacy services to the health care industry. The company’s practical approach to security and privacy is reflected in its diversity of clients, which include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.

In addition to serving as Vice President, Planning and as Administrator for laboratory services for a health system in California, Ms. Patrick has held senior positions in security, privacy, and compliance at major academic medical centers in New York. She was named the first Information Security Officer at the Mount Sinai Medical Center in Manhattan. As Vice President and Chief Compliance Officer at the Hospital for Special Surgery, she created and directed the organization’s Compliance Program, which included the Privacy and Security Programs.

As a consultant to Strategies for Tomorrow, a company known for its expertise in Health Information Exchange (HIE) development, Ms. Patrick has led Privacy and Security initiatives for HealtHIE Nevada, Indiana Health Information Technology, Inc. (IHIT), and HealthBridge.

Ms. Patrick is a member of the Privacy and Security Work Group for the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) and a Board member of the New England Healthcare Internal Auditors (NEHIA). A long-time member of the Greater New York Hospital Association (GNYHA), she was a founding member of GNYHA’s Security Work Group and a contributing member of the Compliance Work Group.

A member of the Editorial Advisory Board for HCPro’s Briefings on HIPAA, Ms. Patrick is also member of the GRC Advisory Board for Wolters Kluwer Law & Business. In 2013 she was appointed to the Ponemon Institute’s RIM Council, a select group of privacy, security and information management leaders from multinational corporations who are champions within their various industries on issues involving privacy and data protection. She served on the Board of Examiners for the Malcolm Baldrige National Quality Awards 2006 - 2009.

She is a frequent speaker at national and regional conferences and professional associations, including the HIPAA Summit, AMC Privacy and Security conferences, Health Care Financial Management Association (HFMA), the Association of Healthcare Internal Auditors (AHIA), and others. She is frequently quoted in healthcare publications. She is the author of The Complete Guide to Healthcare Privacy and Information Security Governance.

Ms. Patrick received her B.S. in Psychology from the Pennsylvania State University and her M.B.A. in Health Care Administration from Cornell University. She is a Fellow in the American College of Healthcare Executives and is certified in healthcare compliance and information security management.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at [email protected]

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
6201 America Center Drive Suite 240
San Jose, CA 95002

By Wire -

Register / Pay by Wire Transfer

Please contact us at +1-888-717-2436 to get details of wire transfer option.

Terms & Conditions to Register for the Seminar/Conference/Event

Your registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @ [email protected]

Payment is required 2 days before the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. (our parent company).

Cancellations and substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days before the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite, payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available, we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and documents to carry to the seminar venue:
After we receive the payment from the registered attendee, an electronic event pass will be sent to the email address associated with the registrant 5 working days before the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference, you agree to have your photographs or videos taken at the conference venue and you do not have any objections to ComplianceOnline using these photos and videos for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline from any kind of claims arising out of copyright or privacy violations.

Media Partners


Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

This Frederick Law Olmsted-designed park, famous for its Swan Boats, has over 600 varieties of trees and an ever-changing array of flowers. It is America's first public garden.

The Boston Public Library was the first large municipally-funded public library in America. It has a central location right in the heart of Copley Square, facing the Trinity Church, easily accessible by taking the Green Line to Copley station (or also near to Orange Line Back Bay stop).

Fenway Park is the oldest Major League baseball park in the United States. Its small, intimate atmosphere really allows you to feel like you are "in the game." The park is situated right in downtown Boston - so it is very accessible if you are visiting the area.

Boston's oldest, largest and best-known art institution, the MFA houses one of the world's most comprehensive art collections and is renowned for its Impressionist paintings, Asian and Egyptian collections and early American art.

The Boston Museum of Science is a long-standing tradition for families in Boston, but that doesn't mean adults won't enjoy themselves too! Their exhibits range from dinosaurs to space travel to wildlife to physics to human biology to an in-depth look at Boston's "Big Dig" project.

This Italian neighborhood, Boston's oldest, is known for its wonderful restaurants and historic sights.

The signal from the steeple of Boston's oldest church triggered the War for Independence that led to the birth of America. On that fateful night in 1775, the two lanterns in the steeple told Paul Revere that the British were approaching by boat, not on foot.

We need below information to serve you better



6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2021 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method