University of Minnesota
University Relations
myU OneStop

Go to unit's home.

Home | Seminars and Symposia | Past seminars/symposia: Friday, September 24, 2004

DTC Seminar Series

HIPAA Security: The Law and The Reality


Grace Wiechman
Guidant Corporation

Friday, September 24, 2004
3:30 pm

101 Walter Library

Download slides (pdf 634 KB) The health insurance portability and accountability (HIPAA) rule goes into effect on April 21, 2005 for the security rule. What does the HIPAA security rule require? The Rule contains security requirements for administrative, physical and technical safeguards which we will examine. Health care providers face unique issues in implementing this law due to the variety and volume of information collected as well as the unpredictable nature of health care delivery. Security models often collide with the business needs of healthcare delivery.



Grace is a Principal Policy and Security Analyst at Guidant Corporation, a medical device company in the Cardiac Rhythm Management division working with the HIPAA regulation. Prior to joining Guidant, Grace was the Information Privacy and Security Director at Park Nicollet Health Services leading the HIPAA implementation, IT security working-group and developing security infrastructure. Grace co-chaired the Minnesota HIPAA Collaborative security working-group. Prior healthcare security implementation experience includes McKesson Corporation in the product development group as Information Security Director designing security features for web-based clinic software systems and interpreting the HIPAA security rules for new product features. Prior to working in healthcare related fields Grace was a software engineer in the supercomputer industry working on security software, operating systems, file systems at Cray Research, Silicon Graphics, Control Data and two other startups. Grace's regulatory experience also includes the USDA Forest Service determining carrying capacity models for the Boundary Waters Canoe Area Wilderness and Scenic Rivers systems to determine entry point limits for the BWCAW. Grace holds a BA in Computer Science from the University of Minnesota and is a Certified Information System Security Professional (CISSP). Grace is a member of the IEEE and contributed to the IEEE 1003.10 POSIX standards and participated in the IETF Kerberos work groups.