From Compliance to Confidence: Practical HIPAA Security & Privacy in Healthcare

Course Description

Healthcare organizations face increasing cyber threats, regulatory scrutiny, and operational pressure—yet many still struggle to translate HIPAA requirements into practical, effective controls.

In this 60-minute webinar, Dr. Gus Hanna, cybersecurity architect and healthcare compliance expert, breaks down the HIPAA Privacy Rule and Security Rule into clear, actionable guidance. Attendees will learn how HIPAA applies in modern healthcare environments, including cloud and hybrid systems, how ransomware and data breaches impact compliance, and what “reasonable and appropriate safeguards” really mean in practice.

The session will focus on real-world examples, common compliance gaps, and practical security controls that protect patient data while supporting clinical operations. Whether you are responsible for compliance, IT, security, or leadership oversight, this webinar will help you move beyond checklists toward defensible, risk-based HIPAA compliance.

Learning Objectives

By the end of this webinar, participants will be able to:

• Explain the scope and intent of the HIPAA Privacy Rule and Security Rule, including how they apply to modern healthcare organizations and business associates.
• Identify common HIPAA compliance gaps that lead to breaches, enforcement actions, and audit findings—particularly in cloud and hybrid environments.
• Differentiate between administrative, physical, and technical safeguards and understand how each contributes to protecting electronic Protected Health Information (ePHI).
• Apply risk-based thinking to HIPAA compliance, including how to interpret “reasonable and appropriate” safeguards in real-world healthcare settings.
• Recognize how ransomware, phishing, and insider threats impact HIPAA compliance, and evaluate security controls that reduce patient safety and operational risk.
• Map HIPAA Security Rule requirements to industry best practices, including NIST Cybersecurity Framework and NIST SP 800-53 controls.
• Evaluate the roles and responsibilities of covered entities and business associates, including expectations for vendor risk management and shared responsibility models.
• Develop practical next steps to strengthen HIPAA compliance posture, including governance, policies, technical controls, and incident response preparedness.

Areas Covered in the Session

• HIPAA Privacy Rule & Security Rule Overview
  Understanding what each rule covers, how they differ, and how they apply to today’s healthcare and business associate environments.
• Defining and Protecting ePHI
  What qualifies as ePHI, where it lives (EHRs, cloud, endpoints, backups), and why data location matters for compliance.
• HIPAA Safeguards Explained
  Practical interpretation of administrative, physical, and technical safeguards with real-world healthcare examples.
• Risk Analysis & Risk Management
  How to perform and maintain a defensible HIPAA risk analysis and translate findings into prioritized remediation actions.
• Common HIPAA Compliance Gaps
  Frequent causes of breaches and audit findings, including access control failures, insufficient logging, and weak vendor oversight.
• Ransomware & Cyber Threats in Healthcare
  How modern cyberattacks impact HIPAA compliance, patient safety, and breach notification obligations.
• Incident Response & Breach Notification
  What to do before, during, and after a security incident, including timelines and regulatory expectations.
• Vendor & Business Associate Risk Management
  Managing third-party risk, Business Associate Agreements (BAAs), and shared responsibility in cloud environments.
• Aligning HIPAA with NIST & Industry Best Practices
  Mapping HIPAA requirements to NIST CSF, NIST 800-53, and security controls commonly used by healthcare organizations.
• Practical Steps to Strengthen Compliance
  Actionable takeaways, quick wins, and a roadmap to move from checklist compliance to risk-based security maturity.
• Live Q&A Session

Suggested Attendees

1. Healthcare Executives & Leadership

• CEOs, COOs, CIOs, CISOs
• Practice administrators and hospital executives responsible for risk and compliance

2. Compliance, Privacy & Risk Professionals

• HIPAA Compliance Officers

• Privacy Officers

• Risk Management and Governance professionals

3. IT & Cybersecurity Teams

• Security Architects and Engineers

• SOC Analysts and Incident Response Teams

• Network, Cloud, and Infrastructure Engineers

4. Healthcare IT Management

• IT Directors and Managers

• EHR/EHR Systems Administrators

• Health IT Operations leaders

5. Cloud & DevOps Professionals

• Cloud Security Engineers (AWS, Azure, GCP)

• DevSecOps and Platform Engineering teams supporting healthcare workloads

6. Clinical & Operational Leaders

• Clinical informatics leaders

• Department heads involved in patient data workflows

• Telehealth and digital health program managers

7. Legal & Audit Teams

• Healthcare legal counsel

• Internal and external auditors

• Third-party risk and vendor management teams

8. Business Associates & Vendors

• Managed Service Providers (MSPs)

• Healthcare SaaS providers

• Medical device and digital health vendors handling ePHI

9. Incident Response & Crisis Management Teams

• Business continuity and disaster recovery planners

• Emergency preparedness coordinators

10. Healthcare Startups & Innovators

• Founders and product leaders building HIPAA-regulated solutions

• AI, data analytics, and digital health innovators

About the Presenter

Gus Hanna, PhD is an industry recognized cybersecurity and compliance leader with over 25 years of experience securing highly regulated environments across healthcare, government, and critical infrastructure. He has served in senior cybersecurity architecture, virtual CISO, and advisory roles for healthcare providers, medical device manufacturers, SaaS platforms, and public-sector organizations, leading HIPAA, HITRUST, FedRAMP, and NIST 800-53 compliance initiatives from design through audit.

Dr. Hanna brings deep, hands-on expertise in HIPAA Security and Privacy Rule implementation, including risk assessments, access controls, incident response, breach handling, third-party risk management, and cloud security for ePHI in AWS and hybrid environments. He has led security architecture and compliance programs supporting hospitals, clinical systems, medical imaging platforms, telehealth solutions, and regulated healthcare data platforms.

In addition to his industry leadership, Dr. Hanna is a university professor teaching graduate and undergraduate courses in cybersecurity, cloud security, incident response, and secure software engineering. He is a frequent conference speaker and panelist, including keynote presentations on AI, cloud security, and regulatory compliance. His ability to translate complex regulatory requirements into practical, operational guidance makes his sessions highly actionable for both technical and executive audiences.

Additional Information:

After Registration: You will receive an email with login information and handouts (presentation slides) that you can print and share with all participants at your location.

System Requirement:

• Internet Speed: Preferably above 1 MBPS
• Headset: Any decent headset and microphone which can be used to talk and hear clearly

Live Course Cancellation Policy: If for any reason Skillacquire need to cancel this program, Skillacquire will notify participants by email of the cancellation no less than 24 hours prior to the expected start time.

Can’t Listen Live?

No problem. You can get access to an On-Demand webinar. Use it as a training tool at your convenience. For more information, you can reach out to the below contact:

Toll-Free No: 1-302-444-0162

Email: care@skillacquire.com

Address:- 651 N. Broad Street, Suite 206, Middletown, DE 19709