ILTA WHITE PAPER: APRIL 2015 WWW.ILTANET.ORG
About the Author
Kathryn Hume, Principal Consultant at Security GRC2, advises law firms
on information security practices and policies, ISO 27001 compliance,
information governance and risk management. Prior to joining Security
GRC2, Kathryn worked in Intapp's Risk Practice Group. She is frequently
invited to speak about information security at risk management
conferences and teaches law school seminars on ethics and technology.
Contact her at kathryn.hume@securitygrc2.com.
Tips on Rushing the HIPAAst Law Firm Fraternity
On March 26, 2013, the Health Information
Portability and Accountability Act (HIPAA)
officially went into effect, and a new fraternity
of sorts was formed by law firm IT, risk and
information governance professionals.
Kept secret so as not to elicit unwanted attention from the Office
for Civil Rights (OCR), the auditing and regulatory enforcement arm of
the Department of Health and Human Services (HHS), the brotherhood
called itself ΦΔΙΓ (Phi Delta Iota Gamma) — code for Protected Health
Information, or PHI (Φ); changes (Δ); information (Ι); and governance (Γ).