In this 60-minute webinar, Dr. Gus Hanna, cybersecurity architect and healthcare compliance expert, breaks down the HIPAA Privacy Rule and Security Rule into clear, actionable guidance. Attendees will learn how HIPAA applies in modern healthcare environments, including cloud and hybrid systems, how ransomware and data breaches impact compliance, and what “reasonable and appropriate safeguards” really mean in practice.

The session will focus on real-world examples, common compliance gaps, and practical security controls that protect patient data while supporting clinical operations. Whether you are responsible for compliance, IT, security, or leadership oversight, this webinar will help you move beyond checklists toward defensible, risk-based HIPAA compliance.

Learning Objectives:-

By the end of this webinar, participants will be able to:

• Explain the scope and intent of the HIPAA Privacy Rule and Security Rule, including how they apply to modern healthcare organizations and business associates.
• Identify common HIPAA compliance gaps that lead to breaches, enforcement actions, and audit findings—particularly in cloud and hybrid environments.
• Differentiate between administrative, physical, and technical safeguards and understand how each contributes to protecting electronic Protected Health Information (ePHI).
• Apply risk-based thinking to HIPAA compliance, including how to interpret “reasonable and appropriate” safeguards in real-world healthcare settings.
• Recognize how ransomware, phishing, and insider threats impact HIPAA compliance, and evaluate security controls that reduce patient safety and operational risk.
• Map HIPAA Security Rule requirements to industry best practices, including NIST Cybersecurity Framework and NIST SP 800-53 controls.
• Evaluate the roles and responsibilities of covered entities and business associates, including expectations for vendor risk management and shared responsibility models.
• Develop practical next steps to strengthen HIPAA compliance posture, including governance, policies, technical controls, and incident response preparedness.

Areas Covered:-

• HIPAA Privacy Rule & Security Rule Overview
  Understanding what each rule covers, how they differ, and how they apply to today’s healthcare and business associate environments.
• Defining and Protecting ePHI
  What qualifies as ePHI, where it lives (EHRs, cloud, endpoints, backups), and why data location matters for compliance.
• HIPAA Safeguards Explained
  Practical interpretation of administrative, physical, and technical safeguards with real-world healthcare examples.
• Risk Analysis & Risk Management
  How to perform and maintain a defensible HIPAA risk analysis and translate findings into prioritized remediation actions.
• Common HIPAA Compliance Gaps
  Frequent causes of breaches and audit findings, including access control failures, insufficient logging, and weak vendor oversight.
• Ransomware & Cyber Threats in Healthcare
  How modern cyberattacks impact HIPAA compliance, patient safety, and breach notification obligations.
• Incident Response & Breach Notification
  What to do before, during, and after a security incident, including timelines and regulatory expectations.
• Vendor & Business Associate Risk Management
  Managing third-party risk, Business Associate Agreements (BAAs), and shared responsibility in cloud environments.
• Aligning HIPAA with NIST & Industry Best Practices
  Mapping HIPAA requirements to NIST CSF, NIST 800-53, and security controls commonly used by healthcare organizations.
• Practical Steps to Strengthen Compliance
  Actionable takeaways, quick wins, and a roadmap to move from checklist compliance to risk-based security maturity.
• Live Q&A Session

Who Will Benefit?

• Healthcare Executives & Leadership
  • CEOs, COOs, CIOs, CISOs
  • Practice administrators and hospital executives are responsible for risk and compliance
• Compliance, Privacy & Risk Professionals
  • HIPAA Compliance Officers
  • Privacy Officers
  • Risk Management and Governance professionals
• IT & Cybersecurity Teams
  • Security Architects and Engineers
  • SOC Analysts and Incident Response Teams
  • Network, Cloud, and Infrastructure Engineers
• Healthcare IT Management
  • IT Directors and Managers
  • EHR/EHR Systems Administrators
  • Health IT Operations leaders
• Cloud & DevOps Professionals
  • Cloud Security Engineers (AWS, Azure, GCP)
  • DevSecOps and Platform Engineering teams supporting healthcare workloads
• Clinical & Operational Leaders
  • Clinical informatics leaders
  • Department heads involved in patient data workflows
  • Telehealth and digital health program managers
• Legal & Audit Teams
  • Healthcare legal counsel
  • Internal and external auditors
  • Third-party risk and vendor management teams
• Business Associates & Vendors
  • Managed Service Providers (MSPs)
  • Healthcare SaaS providers
  • Medical device and digital health vendors handling ePHI
• Incident Response & Crisis Management Teams
  • Business continuity and disaster recovery planners
  • Emergency preparedness coordinators
• Healthcare Startups & Innovators
  • Founders and product leaders building HIPAA-regulated solutions
  • AI, data analytics, and digital health innovators