9091: Caring for Your Patient’s Data - Practicing Good Medicine Beyond Diagnosis and Treatment


Course Description

This course discusses a non-technical overview of an effective cybersecurity program and the importance of implementing appropriate safeguards in this rapidly evolving environment. The speakers highlight strategies to identify common cybersecurity risks including phishing emails, aberrant employee behaviors, completing a mandatory security risk analysis (SRA), maintaining documentation of vulnerabilities and reasonable steps to prevent those risks, and remote access to a patient's Protected Health Information.

Learning Objectives
  1. Identify the elements of an effective cybersecurity program
  2. Recognize certain vulnerabilities in systems and processes that could lead to security incidents
  3. Implement appropriate safeguards to reduce vulnerabilities and the threats that could exploit them
Course Format

This course is an online video option. It consists of a one-hour video presentation, followed by a test. 

Credit Awarded

  • 5% Premium Credit for Physician Policyholders
  • 1.0 CME Credit for Physicians
  • Certificate of Participation for Non-Physicians



Course summary
Available credit: 
  • 1.00 AMA CME
  • 1.00 Attendance
Course opens: 
Course expires: 

CME Information

Accreditation:  This activity has been planned and implemented in accordance with the Essential Areas and policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint providership of the University of Tennessee College of Medicine (UTCOM) and State Volunteer Mutual Insurance Company. The UTCOM is accredited by the ACCME to provide continuing medical education for physicians.

AMA Credit Designation:  The UTCOM designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

AAFP:  The AAFP has reviewed Caring for Your Patient’s Data: Practicing Good Medicine Beyond Diagnosis and Treatment and deemed it acceptable for up to 1.00 Enduring Materials, Self-Study AAFP Prescribed credit. Term of Approval is from 01/01/2022 to 12/31/2022. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

AOA:  This program is eligible for one (1) credit hour in Category 2-B of the Continuing Medical Education Program of the American Osteopathic Association. Physicians will need to submit a letter of completion from the University of Tennessee directly to the AOA to receive CME credits.

Continuing Education for Non-Physicians:  The UTCOM will issue Certificates of Participation to non-physicians for participating in this activity and designates it for CEUs using the national standard that 1 hour of educational instruction is awarded .1 CEU.

This activity was reviewed on January 10, 2022. This activity was released on January 1, 2022 and will expire on December 31, 2024. SVMIC will not process any completions after December 31, 2024.


CME Disclosures

No commercial support was received for this activity. No speakers plan to discuss off-label use. No planners or speakers have relevant financial relationships to disclose.


Justin Joy, JD

Justin Joy is a shareholder in the Memphis office of the Lewis Thomason law firm. He also serves as the firm’s privacy officer. In addition to a range of experience in litigation and business law matters, Justin heads up Lewis Thomason’s cybersecurity practice group. He provides counsel to clients in the area of information privacy and cybersecurity, including incident investigation and breach response management, regulatory compliance, privacy and security policy review and drafting, and cyber risk management. Specifically, in the area of healthcare, Justin counsels covered entities and business associates on a variety of matters pertaining to HIPAA Privacy Rule, Security Rule, and Breach Notification Rule compliance. He also represents healthcare groups in state and federal regulatory investigations. Justin speaks frequently to various groups and organizations on the topic of information privacy and cybersecurity.

Justin is a Certified Information Privacy Professional/US (CIPP/US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals. He is a 2001 graduate of Wake Forest University and holds a law and MBA degree from the University of Memphis.


Loretta Verbeck, MS, FACMPE, CHC

Loretta Verbeck has extensive experience in the healthcare industry. During her career she has held roles as Director of Compliance, Director of Practice Management, practice administrator, and Senior Medical Practice Consultant for SVMIC. Loretta’s expertise is in regulatory compliance with an emphasis on HIPAA and the HITECH Act. She authors articles for various industry publications, provides education to medical schools and residency programs, and speaks at the state and national level for professional associations. Loretta has a master’s degree in health law and policy, is a board-certified Fellow in the American College of Medical Practice Executives, and is Certified in Healthcare Compliance.


Available Credit

  • 1.00 AMA CME
  • 1.00 Attendance
Please login to take this course or register for a login.