June 8, 2005

Medical Device Security At Crossroads Of HIPAA, Cybersecurity and EHRs

Healthcare providers face risks beyond HIPAA if they fail to provide adequate security for their medical devices

Healthcare providers face risks beyond HIPAA if they fail to provide adequate security for their medical devices as illustrated in FDA recommendations to the healthcare community. To help healthcare professionals meet the medical equipment security challenges, Melamedia LLC, publishers of Health Information Privacy/Security Alert sponsored:

Real World Strategies for Medical Device Security:
Addressing HIPAA, FDA Guidelines and EHR Planning

FDA alerted healthcare providers to the urgent need to ensure the security of their medical devices and to establish clear lines of communication with device manufacturers. That guidance and FAQ from FDA, along with the HIPAA security and privacy rules and the growing interest in electronic health records (EHRs) raise significant issues over the respective roles of providers, medical device manufacturers and software developers.

Moreover, healthcare providers face significant challenges as they work to comply with HIPAA privacy and security rules. Securing medical devices, while not interfering with clinical functions, data exchange or device maintenance, requires sophisticated, in-depth understanding of the devices.

There are substantially more medical devices that need to be secured than pieces of IT equipment, and they must be made secure in ways that allow providers to have access information in those devices when they need it.

Efforts to secure medical devices also will have a profound effect on the development and adoption of electronic health records. Ensuring the proper operation and integrity of medical equipment is an important component of the National Health Information Infrastructure.

The bottom line is that healthcare providers must assure the security of their medical devices in planning their EHR systems.

The seminar discusses approaches to ensuring medical device security in the context of HIPAA security and FDA guidance documents and in adopting EHRs.

Participants are briefed on:

How HIPAA and FDA rules create new challenges and risks for healthcare providers;
Why work done under HIPAA privacy and security rules are not alone enough to address the challenges of medical device security;
The HIMSS initiative to assist providers in securing their medical devices;
What role device manufacturers and software developers play in medical device security;
Strategies for developing and incorporating security policies for medical devices;
Establishing a time-line and budget for providing security for medical devices; and
Strategic considerations of medical device security in developing and deploying EHR systems.

Who Should Listen

HIPAA Privacy Officers
HIPAA Security Officers
HIM Professionals
Healthcare IT Managers
Healthcare Providers
Hospital Administrators
Clinical Engineers

Research Administrators
Device Manufacturers
Risk Managers
EHR Vendors and Professionals
Researchers
Healthcare Lawyers and Consultants
Local, State and Federal Government Officials

The Faculty

Stephen L. Grimes, FACCE, SHIMSS, Chair of the HIMSS Medical Device Security Workgroup, chair of American College of Clinical Engineering HIPAA Task Force and a senior consultant for Strategic Health Care Technology Associates.

Scott Bolte, Product Security Program Manager, GE Healthcare., Member of HIMSS Medical Device Security Workgroup, NEMA Security & Privacy Committee, NEMA VA/DoD Task Force.

Dennis Melamed, editor of Health Information Privacy/Security Alert.

Continuing Education Credits

All seminar participants will receive a certificate of participation
1.5 IAPP Credits

CD Ordering

The CD recording with all course materials are excellent educational and briefing resources: $275

Download the form at and fax it to 703.619.4912