An OCR Odyssey... UMMC Case Study

Webinar Overview

Presented by Steve Waite, Executive Director of Compliance at University of Mississippi Medical Center, on September 12th, 2019.

A lost laptop resulted in a $2.75 million settlement with the U.S. Department of Health and Human Services, Office for Civil Rights, and began a remediation odyssey that continues today at University of Mississippi Medical Center (UMMC).

This webinar features Steve Waite, UMMC’s Office of Information Security Executive Director, sharing the epic tale of the medical center’s travails in navigating the scrutiny attached to an OCR action.

Learn valuable do’s and don’ts from a medical center that has dealt directly with the OCR. These lessons and more from UMMC’s OCR odyssey will be discussed:

  • Boost end-user data security by implementing practices such as encrypting media storage devices, restricting administrative rights, limiting CD/DVD writing, enforcing security updates, and enforcing secure email procedures and technologies.
  • Establish accountability for enterprise-level security by implementing a Security Council and Office of Information Security.
  • Address third-party data security by developing a vendor security risk management program.
  • Continuously evaluate and mature all data security and privacy policies and procedures, as well as cybersecurity training for employees, risk assessment programs, incident response programs, and business continuity and disaster recovery plans.