|
TWENTY-THIRD NATIONAL HIPAA SUMMIT
AGENDA: DAY II
Tuesday, March 17, 2015
|
7:00 a.m. |
Registration Open; Networking Breakfast
|
MORNING PLENARY SESSION - HIPAA SECURITY
|
8:00 a.m.
|
Welcome and Introduction
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Co-chair)
Speaker Bio
John Parmigiani is the President of John C. Parmigiani & Associates, LLC. His current primary focus is on helping healthcare organizations become compliant with healthcare regulations, in particular HIPAA and the HITECH revisions, and move toward e-health.
Mr. Parmigiani has over 40 years of experience in information systems management in both the public and private sectors. The former Director of Enterprise Standards for the Health Care Financing Administration (HCFA), now the Centers for Medicare & Medicaid Services (CMS), he was the chairman of the government-wide HIPAA Administrative Simplification Security and Electronic Signature Standards Implementation Team that created the Security Rule and was a member of the federal committee that oversaw the development and implementation of the HIPAA Transactions and Code Sets and the Privacy Rule. His post-government experience includes serving as the Senior Vice President for Consulting Services for QuickCompliance, Inc.; the National Practice Director, Regulatory and Compliance Services for CTG HealthCare Solutions, Inc.; and the Practice Director, Compliance Programs for Healthcare Computing Strategies, Inc.
Presentation Material (Acrobat)
|
|
8:15 a.m.
|
Compliance & Cyber Security: Enabling a Credible Program
Uday O. Ali Pabrai, MSEE, CISSP
Chief Executive and Co-founder, ecfirst (Home of HIPAA Academy), Irvine, CA
Speaker Bio
Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security+, is the CEO of ecfirst, Home of The HIPAA Academy. A highly sought-after information security and compliance expert, he has successfully delivered solutions to organizations worldwide. Mr. Pabrai serves as an Interim CISO for a health system with 30+ locations in the USA. Mr. Pabrai has led numerous engagements worldwide for ISO 27000 and HIPAA/HITECH security assessments. Mr. Pabrai's clients include hundreds of hospitals, Kaiser, Microsoft, U.S. Naval Surface Warfare Center, U.S. Defense Intelligence Agency, as well as federal and state governments.
Mr. Pabrai is a proud member of the U.S. InfraGard (FBI).
Presentation Material (Acrobat)
|
|
8:45 a.m.
|
Information Risk Management Essentials
Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US
Chief Executive Officer, Clearwater Compliance; Former Vice President - Technology Operations, GE Information Services, Brentwood, TN
Speaker Bio
Over the past 35 years, Mr. Chaput has worked as an educator, an executive and an entrepreneur. He has assisted businesses and individuals in developing highly secure information technology (IT) strategies that are tightly linked with their business strategies and goals. Given world events, increasingly more stringent security, privacy and compliance regulations around safeguarding personal and healthcare information (PII and PHI) along with increased business dependency on technology, his passion and focus is in helping organizations establish, operationalize and mature their information risk management programs.
Bob is no stranger to managing and protecting large amounts of data -- his experience includes managing some of the world's largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. His business career spans many years of increasingly greater responsibility for all aspects of regulatory compliance and information security, with 25+ of those years covering the highly data-regulated healthcare industry. As an educator, he has continued to expand and update his knowledge base through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.
|
|
Kathy Jobes
Chief Information Security Officer, Sentara Healthcare; Former Enterprise Information Security Officer, Bon Secours Health System, Virginia Beach, VA
Speaker Bio
Kathy Jobes has over 25 years of experience working in healthcare; beginning her career in hospital operations, she worked in clinical, financial and IT roles before settling in information security. Ms. Jobes implemented her first IT Security program at Shands HealthCare, a not-for-profit health system. In 2006 she was recruited to Bon Secours Health System, Inc. to develop a centralized enterprise IT Security program for twenty-one acute-care hospitals, one psychiatric hospital, five nursing care facilities, four assisted living facilities, fourteen homecare and hospice services and over twenty-two thousand employees across seven states.
Eager to once again establish a comprehensive enterprise Information Security program, Ms. Jobes joined one of the nation's top integrated healthcare systems, Sentara Healthcare, in 2013. As the Chief Information Security Officer at Sentara she is responsible for providing Information Security leadership and vision in the areas of identity and access management (IAM), Security Risk Management, governance, education, assurance and threat management.
Kathy's approach to information security is not simply focusing on maintaining a secure network, but ensuring that the Information Security Office plays a key role in risk and reputation management for the whole organization.
Presentation Material (Acrobat)
|
|
9:15 a.m.
|
The Good, the Bad, and the Ugly of Compliance with the HIPAA Security Rule
Deena Coffman
Chief Executive Officer, IDT911 Consulting, New York, NY
Speaker Bio
Deena is the Information Security Officer for Identity Theft 911 and the CEO of the consulting subsidiary, IDT911 Consulting. She has broad experience working with companies and professional service firms providing guidance to clients on technology, data privacy and security, electronic discovery and advanced search and data analytics. Prior to joining IDT, she established the data analytics practice at Kroll when she held the position of Chief Operating Officer for the Cyber Security and Information Assurance practice. Prior to that, she held responsibility for the secure management of evidence and compliance with global data privacy directives for the discovery programs while seconded in the law department of a major financial institution and while holding the position of Discovery Director for Johnson & Johnson. Coffman has authored articles for a variety of national publications, presented at international conferences on technology and management topics and has been an invited guest to comment on security topics for world and national news programs. She is a graduate of the S. C. Johnson Graduate School of Management at Cornell University and of Queen's University in Ontario, Canada.
Presentation Material (Acrobat)
|
|
9:45 a.m.
|
Cloud models and compliance requirements -- which is right for you?
Bill Franklin, CISA, CGEIT, PCI-QSA
Director, Coalfire, Marlborough, MA
Speaker Bio
Mr. Franklin provides advisory services across IT regulatory areas and IT best practice frameworks. He has over 25 years of experience conducting and managing IT Governance, Risk, and Compliance assessments and audits in the areas of PCI, HIPAA, FFIEC, NIST 800-53, ISO and COBIT.
His areas of expertise include IT compliance regulations and frameworks, IT security, technology risk assessment & audit, project management, and System Development Life Cycle (SDLC). Mr. Franklin has worked with domestic and multinational organizations presenting to and working with Boards of Directors, Audit Committees, Senior Management, and IT and business staff.
|
|
Stephanie Tayengco, MA
Vice President of Network Operations, LogicWorks, New York, NY
Speaker Bio
Ms. Tayengco is responsible for leading Logicworks' Network Operations Center (NOC), including staffing, project management, operations, new service design and implementation, and operations auditing for HIPAA, SSAE-16 SOC 2, SAS 70 Type II, NIST - 800, and PCI compliance. Prior to joining Logicworks in 2000, she helped launch the Media Center at Columbia University. Stephanie graduated from the University of Pennsylvania and holds a Master of Arts degree from Columbia University.
Presentation Material (Acrobat)
|
|
10:15 a.m. |
Break
|
|
10:45 a.m.
|
Responsibilities and Rights of Subcontractors in the Compliance Chain
Phyllis A. Patrick, MBA
Founder and President, Phyllis A. Patrick & Associates, LLC; Former Associate Hospital Director, Mount Sinai Medical Center; Former Vice President and Chief Compliance Officer, Hospital for Special Surgery, Purchase, NY
Speaker Bio
Phyllis Patrick, MBA, FACHE, CHC, CISM is Founder and President of Phyllis A. Patrick & Associates LLC, a group providing strategic planning, information security and privacy services. The Company's practical approach to information security and privacy is reflected in its diversity of clients, which include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.
Ms. Patrick held senior positions at academic medical centers, including appointment as first Information Security Officer for Mount Sinai Medical Center in Manhattan and Vice President & Chief Compliance Officer at Hospital for Special Surgery.
The Company is a member of the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA). Ms. Patrick participates in the Ponemon Institute's RIM Council, a group of privacy, security and information management champions. In 2014, the AHIA Journal, New Perspectives, selected her article on PHI mapping as article of the year. She is the author of The Complete Guide to Healthcare Privacy and Information Security Governance.
She received her MBA from Cornell University and BS from Pennsylvania State University.
Presentation Material (Acrobat)
|
|
11:15 a.m.
|
Healthcare Security Officer Best Practices Roundtable
Gregory Barnes, MS, CISSP, CISA
Chief Information Security Officer, Horizon Blue Cross Blue Shield of New Jersey, Newark, NJ
Speaker Bio
Mr. Barnes is the CISO at Blue Cross Blue Shield of NJ. He has over 20 years of security experience, holds a B.S. in Information Technology, the CISSP and CISA designations, and is just wrapping up his M.S. in Information Assurance at Northeastern, one of eight NSA-designated graduate centers of academic excellence in Advanced Cyber Operations. Mr. Barnes has designed, implemented, operated and optimized advanced technologies for numerous Fortune 250 companies. A veteran of the USAF, he has also managed global messaging, intelligence training, and cyber operations systems, including the first intrusion detection systems ever deployed by the DOD.
|
|
Mark Combs, MBA
Assistant Vice President & Assistant Chief Information Officer, West Virginia United Health System, Inc.; Former Chief Information Security Officer, West Virginia University Hospitals, Morgantown, WV
Speaker Bio
Mark Combs is the Assistant VP and Assistant CIO for the WV United Health System. He earned an MBA from West Virginia University in 2001. Mark also serves as the Information Security Officer for WVU Healthcare and the Information Security Officer for University Healthcare in the eastern part of WV. He has been responsible for privacy and security program and policy development and has helped the organization make strides in protecting patient information. Mark has presented on topics ranging from insider threats to the role of information security in healthcare. He has been a part of health information technology in West Virginia for over 18 years.
|
|
Kathy Jobes
Chief Information Security Officer, Sentara Healthcare; Former Enterprise Information Security Officer, Bon Secours Health System, Virginia Beach, VA
|
|
Dennis A. Schmidt, MS, CISSP
Director, Office of Information Systems, HIPAA Security Officer, School of Medicine, University of North Carolina at Chapel Hill, Chapel Hill, NC
Speaker Bio
Dennis Schmidt is the Assistant Dean for Information Technology and the HIPAA Security Officer at the University of North Carolina School of Medicine. Dennis is a Certified Information Systems Security Professional (CISSP) and has over 25 years of experience leading IT teams in academic and military organizations. He holds a Bachelor of Science degree in Electrical Engineering from the University of Texas at Austin and a Master of Science degree in Computer Science from the Naval Postgraduate School in Monterey, CA. Dennis is also a retired naval officer with 24 years of service as a pilot of the P-3C Orion antisubmarine warfare aircraft.
|
|
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Moderator)
Presentation Material (Acrobat)
|
|
12:15 p.m. |
Networking Luncheon
|
|
AFTERNOON PLENARY SESSION - HIPAA, HITECH AND HEALTH REFORM
|
1:15 p.m.
|
Welcome and Introductions
William R. Braithwaite, MD, PhD
"Doctor HIPAA"; Braithwaite Consulting; Former Chief Medical Officer, Anakam, Inc.; Former Senior Advisor on Health Information Policy, DHHS, Washington, DC (Co-chair)
Speaker Bio
Dr. Bill Braithwaite has dedicated his career to improving the quality and efficiency of health care for patients and practitioners utilizing information technology. He is best known as the author of the Administrative Simplification Subtitle of HIPAA and as a major contributor to the subsequent federal regulations setting standards for transactions, code sets, identifiers, security, and privacy of personal health information. As an independent consultant, he now works with a few small clients on the policy, technology, and compliance issues of health information privacy and security.
Presentation Material (Acrobat)
|
|
1:30 p.m.
|
Communicating the Importance of Privacy and Security to the C-suite
Daniel J. Solove, JD
John Marshall Harlan Research Professor of Law, George Washington University Law School; Author, Nothing to Hide: The False Tradeoff Between Privacy and Security, Understanding Privacy, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, and The Digital Person: Technology and Privacy in the Information Age, Washington, DC
Speaker Bio
Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, law firms, healthcare institutions, schools, and other organizations. Additionally, he is the organizer of many conferences, including the Privacy + Security Forum.
One of the world's leading experts in privacy law, Solove is the author of numerous books, including Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011) and Understanding Privacy (Harvard 2008). He is also the author of several textbooks, including Information Privacy Law (with Paul Schwartz), currently in its 5th edition. He is the author of more than 50 articles. His LinkedIn Blog has more than 890,000 followers.
Presentation Material (Acrobat)
|
|
2:00 p.m.
|
OCR Enforcement Overview
Iliana L. Peters, JD, LLM
Senior Advisor for Compliance and Enforcement, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Speaker Bio
Iliana L. Peters, J.D., LL.M., is the Senior Advisor for HIPAA Compliance and Enforcement at the HHS Office for Civil Rights. In this role, Ms. Peters is the national lead for OCR enforcement of the HIPAA Rules, and works closely with OCR's ten regional offices to promote compliance with and enforcement of the HIPAA Rules. Additionally, she supports many other OCR policy and outreach initiatives, including rulemakings, compliance initiatives with other federal agencies, and training, including of the State Attorneys General. Prior to joining the team in D.C., Ms. Peters worked as an investigator in Region VI in Dallas, Texas. Ms. Peters received her Law Degree from Duke and her Masters of Law in Health Care Law from the University of Houston's Health Law and Policy Institute. Prior to joining OCR, she worked in private practice in Texas.
Presentation Material (Acrobat)
|
|
2:30 p.m.
|
HIPAA and Payment and Delivery System Reform: Applicability to ACOs, Medical Home, Bundled Payments, etc.
Paul T. Smith, Esq.
Partner, Hooper, Lundy & Bookman, San Francisco, CA
Speaker Bio
Paul Smith advises clients in health care and other industries on health information privacy and security, corporate formation and governance, joint ventures, financing, reimbursement and regulatory compliance. He also represents technology companies in transactional, financing and licensing matters, and data privacy and security.
- Serves as co-general counsel to the Hospital Council of Northern and Central California
- Advises health care providers on health information privacy and security compliance, and incident response
- Advises health care providers on operations, financing and legal compliance
- Represents health care and financial services software vendors in connection with licensing, regulatory and business matters
- Advises hospitals and physicians groups on the structuring and financing of medical practice acquisitions and ancillary service joint ventures
- Advises physicians on medical practice formation, operation, restructuring and dissolution
Presentation Material (Acrobat)
|
|
3:00 p.m.
|
Update from the Health IT Policy Committee's Privacy & Security "Tiger Team"
Deven McGraw, Esq.
Partner, Manatt, Phelps & Phillips LLP; Former Director, Health Privacy Project, Center for Democracy & Technology; Former Chief Operating Officer, National Partnership for Women & Families, Washington, DC
Speaker Bio
Deven McGraw is a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP. Her areas of focus include health privacy and data security, health IT policy, and patient engagement. Previously, Ms. McGraw was the Director of the Health Privacy Project at the Center for Democracy & Technology (CDT), where she led efforts to develop and promote workable privacy and security protections for electronic personal health information. Ms. McGraw has served on the Health Information Technology Policy Committee since 2010 and chairs its Privacy and Security Workgroup. Ms. McGraw received her LL.M. and J.D. from Georgetown University Law Center, an M.P.H. from Johns Hopkins School of Hygiene and Public Health, and a B.S. and B.A. from the University of Maryland, College Park.
Presentation Material (Acrobat)
|
|
3:30 p.m. |
Break
|
|
4:00 p.m.
|
ONC Privacy and Security Policy Update
Lucia Savage, Esq.
Chief Privacy Officer, Office of the National Coordinator for Health IT, US Department of Health and Human Services; Former Senior Associate General Counsel, UnitedHealthcare; Former General Counsel, Pacific Business Group on Health, Washington, DC
Speaker Bio
Appointed Chief Privacy Officer at Office of the National Coordinator for Health Information Technology, Department of Health & Human Services in October 2014, Lucia Savage has been working on health privacy, transparency, and interoperable health information exchange since HIPAA was enacted. She previously served as General Counsel at Pacific Business Group on Health. And, as Senior Associate General Counsel at UnitedHealthcare she advised regarding large data transactions, health information exchange, and APCDs.
Lucia has a BA with Honor from Mills College in Oakland, CA, and received her Juris Doctor summa cum laude from New York University School of Law.
Presentation Material (Acrobat)
|
|
4:30 p.m.
|
Breach Response
Rebecca Fayed, JD, MPH
Associate General Counsel and Privacy Officer, The Advisory Board Company, Washington, DC
Speaker Bio
Rebecca C. Fayed is associate general counsel and privacy officer for The Advisory Board Company in Washington, DC. In this role, Rebecca is responsible for all regulatory and data privacy matters. Prior to joining the Advisory Board, Rebecca spent more than ten years in private practice representing hospitals, health systems, health plans, health information technology companies, and other entities within the health care industry in connection with regulatory and data privacy issues. Rebecca has extensive experience developing and implementing health information privacy and security compliance programs, and representing covered entities and business associates in connection with investigations related to privacy and security compliance and complying with federal and state breach notification obligations.
Presentation Material (Acrobat)
|
|
Rebecca L. Williams, RN, JD
Chair, Health Information Practice, Davis Wright Tremaine LLP, Seattle, WA
Speaker Bio
Becky Williams, a registered nurse with hands-on health care experience, is the chair of the Health Information Technology/HIPAA Practice Group.
A nationally recognized authority on HIPAA and the HITECH Act, Becky focuses much of her practice on privacy, security, and health care regulatory issues. She counsels clients on health care privacy and security compliance (e.g. HIPAA, the HITECH Act and their state counterparts). She regularly works on structuring and developing processes and documentation for the electronic sharing of health information, health information exchange and electronic health record "provisioning donation." Becky is a health care regulatory attorney who advises clients on anti-kickback, physician self-referral (e.g. the Stark Law), tax exemption, patient care, health care quality, governance and other health law issues. She also works on contracts and transactional matters.
Handout Material (Acrobat)
|
|
5:00 p.m.
|
HIPAA and Big Data
Mitchell Granberg, Esq.
Chief Privacy Officer, Optum, Eden Prairie, MN
Speaker Bio
Mitch Granberg is the Chief Privacy Officer for Optum, an 80,000-employee health technology and services company. He is responsible for all aspects of the Optum privacy program as well as advising on HIPAA, privacy initiatives, and data use and de-identification for such business and activities as Optum Labs, Life Sciences, the Health Care Cost Institute, multi-payer claims databases, and internal de-identified and research databases. He began working for Optum in 2007 and has provided privacy, health care, compliance, and litigation counsel for several Optum subsidiaries. He is also a member of the HITRUST De-Identification Working Group and holds his Certified Information Privacy Professional/United States certification.
Mitch received his B.A. from Northwestern University in 1990, served in the U.S. Army for five years as a military intelligence officer, and then received his J.D. cum laude from the University of Minnesota in 1998, where he was also an editor of the Minnesota Journal of Global Trade. After law school, Mitch was a law clerk for the Minnesota Court of Appeals, and then joined Dorsey & Whitney LLP, where his practice included health, business, and class action litigation.
Presentation Material (Acrobat)
|
|
5:30 p.m.
|
Preparing for and Responding to an OCR Privacy and Security Audit
Kirk J. Nahra, Esq.
Partner, Wiley Rein LLP, Washington, DC
Speaker Bio
Mr. Nahra is a partner with Wiley Rein LLP in Washington, D.C., where he specializes in privacy and information security litigation and counseling. He is chair of the firm's Privacy Practice and co-chair of its Health Care Practice. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. A long-time member of the Board of Directors of the IAPP, he is the editor of IAPP's Privacy Advisor. He received his law degree from Harvard and his undergraduate degree from Georgetown.
Presentation Material (Acrobat)
|
|
6:00 p.m. |
Adjournment
|
|
|
© Health Care Conference Administrators
|