Rebecca is a widely recognized and respected expert in information privacy, security and compliance. Rebecca has been named in the “Best Privacy Advisors in the World” list all years Computerworld magazine has released their rankings, along with receiving many other awards and recognitions. Rebecca has been leading the NIST Smart Grid privacy subgroup since June, 2009. Rebecca’s Compliance Helper service helps healthcare organizations and their business associates to meet their HIPAA, HITECH and other information security and privacy requirements. Rebecca has been an Adjunct Professor for the Norwich MSIA program since 2004, and she is working on her 15th published book.
Rebecca will be presenting her session Cloud Computing in Healthcare: Key Security and Privacy Issues at this year’s Secure360 Conference.
Tell us a little about yourself
I’ve been working in the information security, privacy and compliance arenas for over two decades. I’ve owned my own business since 2004. I’ve been an Adjunct Professor for the Norwich Master of Science in Information Assurance program since 2005, and I’m working on my 15th, 16th and 17th published books. I was born and raised in a small rural area in north central Missouri, and I’ve lived on a working farm in Madison County, Iowa (where the bridges are) for the past 17 years. I have two sons, 12 yrs and 14 yrs¸ am a fanatic marching band mom, love attending my son’s basketball games, enjoy sports, art, music, and being outside. I love traveling when my family can join me and can have some fun. Otherwise, I try to limit business-only travel as much as possible. We are currently restoring a 100 year old house in town that was empty for several years, so that is interesting and fun.
What’s the topic of your presentation at Secure 360
Cloud Computing in Healthcare: Key Security and Privacy Issues
What do you hope that the audience will walk away understanding from your session?
Several things. Just a few:
- That HIPAA/HITECH requirements are passed along to cloud service providers, and the healthcare entities will be held responsible in part for ensuring the security of the PHI entrusted to the cloud provider business associate (BA).
- That cloud providers BAs are responsible for complying with all of HIPAA/HITECH; they cannot just pick and choose the technology requirements, or some subset of them.
- The wide range of risks that cloud service providers must address, and some of the actions that can be taken to mitigate the risks.
- Some effective ways in which covered entities can maintain ongoing oversight of the business associate cloud service provider’s compliance levels.
If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?
There are many. I’ve made a lot of new contacts and friends. I’ve met folks in person that I had, until the conference, only communicated with online or over the phone. I’ve been able to see a completely different side of well-known information security and compliance gurus, so that has been cool. A lot of great conversations over lunches and after the conference at the receptions. Plus, I really like the venue; easy to get to, very nice facilities, and great close-by accommodations.
Who do you most want to meet / see at this year’s Secure 360?
I’m looking forward to seeing the folks I typically only get to see once a year while at Secure 360. I’d name some, but then I would hate to find out later that I forgot some good friends and inadvertently snubbed them, so I’ll just refrain on that note. I see there are a lot of other cloud sessions going on, so I may drop in on one or two of them to compare and contrast information based upon my experiences and findings throughout the past few years. The sessions by Jarrett Brachman and Nancy Lyons look very interesting, and I hope to sit in on them.
What’s the favorite technology that you use on a daily basis?
I’m sure you’ll get some interesting and humorous double entendre answers to this! J Favorites would include: laptop, microwave, and coffee maker.