Generic placeholder image

Brian Freedman

Brian Freedman is keynote speaker at Compliance Key. Mr. Freedman has earned his Masters of Science in Information Systems and has over 20 years working in IT and Information Assurance. Mr. Freedman leverages deep project management and technical experience in order to lead key elements to several Health-Information Technology (IT), Privacy and Security initiatives. One specific example includes Mr. Freedman's role as Project Lead for a large State of West Virginia HIPAA Security Risk Assessment effort for WV CHIP and PEIA. This effort involves a deep HIPAA Security Rule assessment on behalf of multiple State agencies in order to ensure compliance and program maturity. He helped to design and develop solutions that allowed the State of West Virginia to manage diverse risks through a consistent, coordinated, and sustainable strategy.
Mr. Freedman has supported the Defense Health Agency (DHA) Cybersecurity and Operations Readiness Assessment (CORA) performing in-depth on-site reviews at several US Army and US Navy Hospitals globally based on the DISA Command Cyber Readiness Inspection (CCRI) program. The cybersecurity reviews help to improve cybersecurity and readiness through the enforcement of standards through inspection of the health and security of the hospital's IT infrastructure and physical security.
While supporting McKesson's Information Security and Risk Management division, Mr. Freedman and his team performed application risk assessments for four of McKesson's major business units and over 15 Information Systems developed by McKesson. During the risk assessment process, the team reviewed McKesson's policies and procedures supporting the HIPAA Security Rule, performed technical assessments on the individual information systems, and reviewed compliance status against the HIPAA Security Rule. Helping to refine the HIPAA Risk Assessment Process for McKesson, a mapping process was developed which mapped HIPAA Implementation Specifications, to NIST 800-53 revision 4 Security Controls, and McKesson Information Security Policies and Procedures.
Working with the University of South Alabama, Center for Strategic Health Innovation, he helped to perform a HIPAA Risk Assessment, which included a gap analysis on policies and procedures, technical assessment, physical security assessment, and overall compliance with the HIPAA Security Rule. Additionally, he assisted the University in the creation of its Risk Assessment methodology and procedures to be used with affiliated physician practices around the State of Alabama.
Mr. Freedman also served as an active member on The Office of the National Coordinator for Health Information Technology (ONC) Federal Advisory Standards Committee Transport and Security Standards Workgroup. The workgroup was charged with making recommendations to the National Coordinator for Health IT on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information.
Previous Work Experience
Mr. Freedman has hands-on experience with both the public and private sector healthcare networks and systems: He has worked at one of South Carolina's largest independent physicians practice, Palmetto Primary Care Physicians, as its CIO and Information Technology Director. In his role as CIO, he was responsible for the oversight of all operational and technology functions for 33 Primary Care Physician offices and Specialist clinics. He served as the HIPAA Compliance Officer and managed a team of IT specialists in support of electronic medical records and practice management systems. He drafted and/or rewrote all related policies and procedures for final rule, and designed and delivered a HIPAA training program to more than 650 employees. Mr. Freedman also created and implemented an annual risk management / analysis program to focus on both HIPAA and Meaningful Use compliance. The risk management program developed by Mr. Freedman has provided Palmetto with a continuous risk management program. Mr. Freedman was also the Technical Services Lead on US Navy Medicine Enterprise Services Operations Center project supporting a mix of 80 hospitals and clinics worldwide with over 55,000 users. At Benefitfocus, a leading insurance benefits technology firm, he managed the Infrastructure Services and Information Assurance Group, including help desk, system administration, networking, facilities, security and compliance. Mr. Freedman also served as the organization HIPAA Privacy and Security Compliance Officer developing all related policies and procedures. He also performed periodic risk analysis and network penetration testing to ensure network and applications security and integrity. As a consultant to the Medical University of South Carolina, performed an IT Audit project to determine Year 2000 compliance for workstations and servers. As a follow on the assessment, any machines that were not in compliance were replaced or upgraded to ensure Year 2000 Compliance.
He has co-authored a book on PCI Compliance and is the Technical Editor of a handbook on IT Regulatory and Standards Compliance. In addition, Mr. Freedman is an Adjunct Instructor for the Department of Network Systems Management at a local Technical College where he teaches classes in Information Systems, Networking, Information Assurance, and Regulatory Compliance (HIPAA and PCI). He holds some of the leading industry certifications from Microsoft and Cisco. He is also a CISSP, PMP, and is a Certified HIPAA Compliance Officer (CHCO).

 Webinar Id: HIPBF003
 6 months unlimited
 Duration 60 mins

Cybersecurity for Healthcare Professionals - How to Prevent the Next Attack

With the ever-changing landscape of cybersecurity, there are many threats, vulnerabilities, and malicious individuals trying to take down your network or get access to ePHI. With ePHI being the most valuable data on the dark web sometimes selling for over $100 per record, the bad people are targeting your organization. We will first look at what are the different types of risk, threats, and vulnerabilities on ePHI and methods to keep yo........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPBF002
 6 months unlimited
 Duration 60 mins

HIPAA Risk Assessments and a Methodology for Success

The Risk Assessment, which is required by the HIPAA Security Rule, is often overlooked, misunderstood, or it seems to be too complex to even find a starting point. What some organizations find out is that while they brought in a third party auditor to do a "IT network assessment' that they actually did not end up performing a full blow risk assessment. The webinar will go over what it takes to perform a risk assessment and be in a posit........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPBF001
 6 months unlimited
 Duration 60 mins

HIPAA Security Fundamentals

Come learn about the HIPAA Security Rule and learn the basics of what you need to do to become compliant. The webinar will break down the Security Rule in an easy way to understand what should already be in place or needs remediation within your organization. A review will be performed on of the details of the administrative, physical, and technical safeguards needed to protect your organization. In addition, the Omnibus Rule and the Br........

$167 Recorded (6 months unlimited access)

PayPal logo      godaddy logo
Copyright © 2018 Compliance Key. All Rights Reserved. Back to Top