Now Available:  Open Source Policy Documents for Compliance with the Federal Trade Commission's Red Flag / Identity Theft Rules:  Click Here

Publications and Presentations by John R. Christiansen

Copies of some of the following publications and presentations are available for free and some for purchase on the web. Links to materials available online are provided below. Others are available from Christiansen IT Law upon request through the form at the bottom of this page. 

You may wish to check back on this page from time to time, since new publications and presentations will be added. This is not a comprehensive listing of John's publications and presentations which are available, so please feel free to ask about topics which may be available - or suggest a topic for a future work.

---

Featured Publications:

Using Safe Harbors to Reduce Barriers to Implementation of Electronic Health Records and Health Information Networks (2006), available free of charge upon request from Christiansen IT Law

One of the most significant barriers to the implementation of electronic health records (EHRs) and clinical data sharing using health information networks (HINs) is fear of legal liability. This white paper proposes resolution of this barrier by a state-by-state strategy for the creation of "safe harbors," providiing that compliance with specified policies and business practices will insulate healthcare organizations from legal liabilities when using EHRs and HINs.liregulatory iton dtn

An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), available for purchase from American Health Lawyers Association.

This treatise is intended to clarify and guide the development of legal standards of care for information protection, for use in developing compliance and risk management programs, in resolving disputes and for resolving issues in litigation. It demonstrates and explains the evolution of information security thought and practice from the early days of mainframe computing through the present day, and includes discussions of information security obligations under Gramm-Leach-Bliley, FTC and other consumer protection cases, the common law and professional and industry standards as well as HIPAA. Reviewer Becky Williams of Davis Wright Tremaine says it "provides a richly detailed history of the emergence and development of the security standards of care for health information systems. It provides insights into where we came from and where we are going in this expanding and increasingly important area of the law."

Deja Vu All Over Again:  Selected Papers on Electronic Medical Records and Health Information Infrastructure, 1998 - 1999 (2005), available free of charge upon request from Christiansen IT Law.

This is a collection of articles by John R. Christiansen from the late 1990s discussing electronic medical records and clinical information sharing.  While some of the content is unavoidably dated, many of the same issues are recurring in current electronic health records ("EHR") and regional health information organization ("RHIO") initiatives. Since "those who do not remember the past" are often doomed to repeat it, these materials may provide a useful reminder of lessons already learned in these difficult areas.

---

Other Publications and Presentations:

"The Nuts and Bolts of E-Prescribing," American Health Lawyers Association (December 1, 2005), available from American Health Lawyers Association.

"What to Do When Disaster Strikes:  Coping with Security Breach Fallout," SecureWorld Expo (October 19, 2005), available upon request.

"Responding to Governmental Investigations of Privacy and Security Breaches," Health Information Privacy/Security Alert (October 12, 2005), available from Melamedia.

"Security Breach Notification Laws," Information Systems Security Association/Puget Sound Chapter (July 21, 2005), presentation available upon request.

Enterprise Security: The Emerging Standard of Care for Healthcare Information Security, American Bar Association Health eSource (June 2005), available upon request.

"Patient Identity Theft and HIPAA Criminal Prosecution: What You Need to Do to Minimize Your Risks," The Dark Report Audioconference (June 21, 2005), presentation available upon request.

"An Integrated Information Security Standard of Care: Enterprise Security," Washington State Bar Association Data Security Conference (June 8, 2005), presentation available upon request.

"Make Sure You're Ready for HIPAA Privacy and Security Investigations," Ninth Annual Compliance Strategies Conference (June 3, 2005), presentation available upon request.

The New Sarbanes-Oxley Section 404 Guidance: The Pendulum Swings Back Toward Reality, American Health Lawyers Association Sarbanes-Oxley Task Force White Paper (May 2005), available upon request

Managing HIPAA Compliance: Organizational Governance and Risk Acceptance, New Perspectives in Healthcare Auditing (Spring 2005), available upon request.

"Legal and Organizational Issues in Regional Healthcare Information Organization Formation and Management," Northwest Medical Informatics Symposium (April 21, 2005), avalable at NMIS website.

"Identify and Shore Up Your Top Ten Vulnerabilities to Stay HIPAA Compliant," HIPAA Compliance Alert Audioconference (January 26, 2005), available upon request.

"Risk Management in the Enterprise: Translating InfoSec Into 'C'-Speak," Information Systems Security Association/Portland Chapter (January 20, 2005), available upon request.