Photo copyright Nader Khouri 2015

The chapter is excited to offer deep dish pizza and a presentation on protecting ePHI and the process of implementing and certifying in HITRUST.

(ISC)² SF Chapter Member Meeting: HITRUST, HIPAA & Pizza

Date: November 17, 2016
Time: 6pm – 9pm
Where: Symantec, 303 2nd Street, San Francisco, CA 94107
Parking: Garage and street parking may be available. Taking public transport is recommended.
Guests: Yes
CPE Credit: 1 hour
Registration: Register Here

Come join us on November 17th at Symantec’s San Francisco office for our chapter’s member meeting. We’ll have an exciting presentation and discussion on the latest trends.


Erik D. Jones


HIPAA Compliance & HITRUST

Federal regulations established under Title II of the Code of Federal Regulations include privacy and security rules concerning protected health information (PHI). Lawmakers sought to make the rules sufficiently broad to allow covered entities and business associates to implement controls, policies and procedures in such a way that they could adapt them to fit their particular use case and business processes. The issue with this approach is that the industry is left with only a broad set of guidelines with which to both implement and evaluate the efficacy of the information security management program as it relates to electronic PHI (ePHI). So-called HIPAA compliance audits are as varied as the implementation specifics, and this resulted in a rising number of vulnerabilities and subsequent breaches due to poorly implemented security programs despite receiving satisfactory HIPAA audit reports from third parties. In addition, the scope and depth of HIPAA audits are so nebulous that companies are motivated to keep costs down at the expense of quality. The non-profit HITRUST Alliance was formed to address these issues, creating the Common Security Framework (CSF), which incorporates controls and standards from ISO27k, COBIT, PCI, HIPAA/HITECH, meaningful use and many other inputs, providing information security professionals with a prescriptive standard for securing ePHI. In this talk, we will talk about the responsibilities and issues in protecting ePHI, the process of implementing HITRUST, and receiving a certification from the Alliance.

Erik D. Jones is a technology professional with more than 25 years of experience in information technology and software engineering. He is currently Chief Executive Officer of Jacobian Engineering, an information security firm that he founded along with his partner, Brian Jones, 11 years ago. The company enables customers to outsource security and IT and provides products and services for compliance certification, risk and audit assessment, forensics, DevOps, and cloud management. Supporting clients from the healthcare industry to startups, Jacobian operates a 24/7 network and security operations center out of its Omaha, Nebraska office and the company is headquartered in Oakland, CA. Erik holds several information security certifications from (ISC)², Stanford University, HITRUST, and SANS Institute and actively participates in the security community, including the FBI’s InfraGard program.
