CERT Symposium on Cyber Security Incident Management for Health Information Exchanges


The CERT Symposium on Cyber Security Incident Management for Health Information Exchanges was held June 26, 2013 at Carnegie Mellon University's Posner Center in Pittsburgh, Pennsylvania. Sponsored by the Department of Health and Human Services Office of the National Coordinator for Health Information Technology and bringing together representatives from a range of health information exchanges (HIEs), the symposium provided an opportunity to discuss the cyber security challenges facing HIEs and contributed to improving the overall state of practice. The symposium also featured presentations by selected experts on topics such as

  • HIPAA compliance during a cyber security incident
  • cyber incident reporting and communications
  • cyber security service level agreements in HIEs
  • legal considerations for HIEs when managing a cyber security incident
  • continuity and how HIEs can support providers' incident management practices

Presentations and Paper Now Available

The symposium was captured in its entirety, and videos of individual presentations are available on the presentations page. The paper titled Draft Guide for Health Information Exchanges (HIEs) is available for download.


Cyber Security Incident Management for Health Information Exchanges
June 26, 2013
Carnegie Mellon University Posner Center
Pittsburgh, Pennsylvania

About the CERT Division

The CERT Division at Carnegie Mellon University's Software Engineering Institute, created in 1988, is a national asset in the field of cyber security. Since 2001, the CERT Division has been working in the areas of security process improvement and operational resilience management and engineering. Beginning with the introduction of the OCTAVE method, the division has been researching and developing tools, techniques, and methods that help organizations manage operational risk and improve operational resilience. CERT Resilience Management research and development is currently focused on the CERT Resilience Management Model, critical infrastructure protection, and resilience measurement and analysis.

Explore the Event