Informatics Research Seminar: Information Security Management – Improvement Needed!

February 29 @ 4:00 – 5:00 pm


Speaker: James C. Murphy, MS, MA, GSEC, CISSP-ISSMP, CISA CISM
Presented from UNC-CH

Broadcast Link: Seminar



All health care organizations are rapidly advancing towards the target of comprehensive electronic communication, whether for payment processing or sharing protected health information. Though greater emphasis has been the protection mechanisms for data transit, it is becoming clear the weakest links remain the end-points – the organizations themselves. The consequences of data breaches are increasingly costly, in both dollars and reputation; therefore, organizations should not simply wait for breaches to occur. Characteristically, protection mechanisms have been unplanned or fragmentary, tracking to lists and regulations, and most organizational security practices are built around responses. The objective of this presentation will be to describe a disciplined information security management effort that includes aspects such as:

  • Proper planning
  • Disciplined implementation
  • Pro-active change management
  • Responsible assessment

The presentation will begin with a major impediment – the clarification of terminology which has led to confusion, and include the detailed descriptions of the manor management aspects. It will conclude with a comparison and discussion of the classic and redefined roles of information security.

Attendees will learn how carefully managed security programs and structures will reduce the potential for breach occurrences and meet the obligations of regulated environment. They will gain constructive suggestions for information security and technology management.


Mr. James C. Murphy is an IT Security professional with 30+ years’ experience, predominantly in healthcare. Currently he is the Information Security Architect in the Office of MMIS Services of the NC Department of Health and Human Services (DHHS), providing information security consulting for major development projects, including the Medicaid and other health plan claims processing system, and the State Health Information Network planning project. For the projects, Jim documents information security and technology architecture requirements and reviews security throughout design and development: access control, data and network protection, regulatory compliance, business continuity, operational and enterprise security, process documentation and project audit.

Mr. Murphy is a member of the Information Systems Security Association (ISSA) Raleigh Chapter, the Eastern North Carolina InfraGard Chapter, where he was recently appointed the Sector Chief for Public Health; a member of the North Carolina Healthcare Information and Communications Alliance (NCHICA), having served on the NC Health Information Security and Privacy Collaboration (HISPC) project and the planning committee for the successful NC Health Information Network proposal. Prior to this, he assessed Sarbanes-Oxley security compliance at an international manufacturing company. He has been a HIPAA Security consultant at the UNC Health Care System; assisting with risk analyses, documentation, and BC/DR planning; directed IT technology for UNC School of Public Health, managing 20+ staff within Systems, Networks, and Telecommunications groups. He has assisted in a Business Impact Assessment and Disaster Recovery Plan for a major mid-western City Government. Mr. Murphy has published various articles, taught and presented programs related to information security management, service continuity, security auditing and security certification training to professional IT and Healthcare audiences.

Mr. Murphy holds an MA in Biology from Wake Forest University, and an MS in Information Science from the UNC School of Information and Library Science and holds GSEC, CISSP-ISSMP, CISA, and CISM certifications.