Sixteenth National HIPAA Summit: HIPAA Conference, Training and Certification - Agenda

AGENDA: Wednesday, August 20, 2008
Morning Day 2

HIPAA SUMMIT Morning Track Sessions
Morning Track I: Advanced Issues in HIPAA Privacy Compliance
8:00 a.m.	Introduction and Overview; Inquiring Minds Want to Know: Curious Employees who Misuse Patient Information Thomas Jeffry, Jr. Partner, Davis Wright Tremaine, Los Angeles, CA (Co chair)
8:30 a.m.	Privacy as a Cultural Phenomenon Susan E. Mazer President and Chief Executive Officer, Healing HealthCare Systems, Inc., Reno, NV Presentation Material (Acrobat)
9:00 a.m.	Planning Ahead - How will you Respond to a Privacy Breach Involving Thousands of Patients at Your Facility David J. Behinfar, JD, LLM HIPAA Compliance Manager, University of Florida Jacksonville Healthcare, Inc., Jacksonville, FL Presentation Material (Acrobat) Presentation Material (Powerpoint)
9:30 a.m.	HIPAA Privacy and Security Issues in Sharing Immunization Data for Children in the Metropolitan Area Susan A. Miller, Esq. Assistant Program Manager, NJ-HISPC, Chief Operations Officer, Chief Privacy Officer, HealthTransactions.com, Lowell, MA Presentation Material (Acrobat) Presentation Material (Powerpoint)
10:00 a.m.	Break
10:30 a.m.	Speech Privacy: What WEDI, AIA, AHA and USGBC Say William Cavanaugh, FASA INCE Bd Cert, Founding Director, Architectural Acoustics, Bolt Beranek & Newman, Co-founder and Editor, ANSI S12 Workgroup 44, Cambridge, MA Presentation Material (Acrobat) Presentation Material (Powerpoint) Kurt A. Rockstroh, AIA, ACHA President and Chief Executive Officer, Steffian Bradley Architects, Co chair, Health Guidelines Revision Committee, Facility Guidelines Institute (AIA), Boston, MA David M. Sykes Co chair, ANSI S12 Workgroup 44, Cambridge, MA
11:30 a.m.	Trained to Boredom: Strategies for Making HIPAA Training Relevant and Memorable in Ensuring Compliance Brandon Ho HIPAA Compliance Specialist, US Army Medical Command, Pacific Regional Medical Command Tripler AMC, Honolulu, HI
12:00 p.m.	HIPAA Privacy Rule Violation: A Case Study Sarah Ingersoll, RN, MS, MBA Vice President and Director of Case Management, PlanetHospital, Clinical Instructor, Keck School of Medicine, University of Southern California, Pasadena, CA
12:30 p.m.	Networking Luncheon (Annenberg Hall)

Morning Track II: Advanced Issues in HIPAA Transactions, Codes Sets and Identifier Compliance
8:00 a.m.	Introduction and Overview: Overview of Transactions and Code Sets and the National Provider Identifier (NPI) Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS President, Boundary Information Group, Member, Board of Examiners, Health IT Certification, LLC, Past Chair, WEDI, Denver, CO (Co chair) Presentation Material (Acrobat) Presentation Material (Powerpoint)
8:30 a.m.	HIPAA Transactions - The Next Generations David A. Feinberg, CDP President, Rensis Corporation, Seattle, WA Presentation Material (Acrobat) Presentation Material (Powerpoint)
9:15 a.m.	Transactions, Code Sets and Identifiers Compliance: Demystifying the Healthcare Claim Attachments Gary A. Beatty President, EC Integrity, Inc., Past Chair, X12N Insurance Subcommittee, Stewartville, MN
10:00 a.m.	Break
10:30 a.m.	The New Standard Health Identification Card and the ISO Standard US Healthcare Identifier Peter Barry Chief Executive Officer, Enumeron, Co-chair, WEDI Workgroup for National Provider Identifier Implementation, Naples, FL Presentation Material (Acrobat) Presentation Material (Powerpoint)
11:15 a.m.	NPI Implementation Update and ICD 10 Implementation Walter G. Suarez, MD, MPH President & Chief Executive Officer, Institute for HIPAA/HIT Education and Research, President, Public Health Data Standards Consortium, Alexandria, VA Presentation Material (Acrobat) Presentation Material (Powerpoint)
12:30 p.m.	Networking Luncheon (Annenberg Hall)

PRIVACY SYMPOSIUM Plenary Session: Privacy in Transition
8:00 a.m.	Introduction and a Brief Overview of EPIC's "Privacy '08" Initiative: Placing Privacy Policy in the Midst of the Presidential Campaign Marc Rotenberg, Esq. Executive Director, EPIC, Adjunct Professor, Georgetown University Law Center, Co author, Information Privacy Law, Washington, DC (Co chair)
8:30 a.m.	The Future of Privacy: Exposure in a Networked Age Jeffrey Rosen, Esq. Professor of Law, George Washington University, Legal Affairs Editor, The New Republic, Author, The Unwanted Gaze: The Destruction of Privacy in America, Washington, DC
9:00 a.m.	The New, New Thing in Privacy James Koenig, CIPP Practice Leader, Privacy Strategy and Compliance, PricewaterhouseCoopers, Privacy Council, Direct Marketing Association, Former General Counsel, International Association of Privacy Professionals, Philadelphia, PA
9:30 a.m.	Roundtable on the Evolving Role of Privacy Advocacy Lillie Coney Associate Director, EPIC, and Coordinator, Privacy Coalition, Washington, DC Beth Givens, MLS, MA Founder and Director, Privacy Rights Clearinghouse, Author, The Privacy Rights Handbook: How to Take Control of Your Personal Information, Co author, Privacy Piracy: A Guide to Protecting Yourself from Identity Theft, San Diego, CA Presentation Material (Acrobat) Presentation Material (Powerpoint) Chris Hoofnagle, Esq. Senior Staff Attorney, Samuelson Law, Technology & Public Policy Clinic, Senior Fellow, Berkeley Center for Law & Technology, Boalt Hall School of Law University of California, Berkeley, Former Senior Counsel, Electronic Privacy Information Center Berkeley, CA Presentation Material (Acrobat) Presentation Material (Powerpoint) Deven McGraw, Esq. Director, Health Privacy Project, Center for Democracy & Technology, Co chair, Confidentiality, Privacy and Security Workgroup, American Health Information Community, Former Chief Operating Officer, National Partnership for Women & Families, Washington, DC Robert Ellis Smith, Esq. Publisher, Privacy Journal, Author, Privacy: How to Protect What's Left of It and Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet, Providence, RI (Moderator)
10:30 a.m.	Break
10:45 a.m.	Is it Privacy or Control - a CEO's Perspective Michael R. Stanfield, MBA Chairman and Chief Executive Officer, Intersections, Chantilly, VA
11:00 a.m.	The Future of Privacy May Lie in Transformative Technologies: Positive Sum, Not Zero Sum Ann Cavoukian, PhD Information and Privacy Commissioner, Ontario, Author, The Privacy Payoff: How Successful Businesses Build Customer Trust, Ontario, Canada Presentation Material (Acrobat) Presentation Material (Powerpoint)
11:30 a.m.	Privacy in Transition: The International Perspective Ann Cavoukian, PhD Information and Privacy Commissioner, Ontario, Author, The Privacy Payoff: How Successful Businesses Build Customer Trust, Ontario, Canada Stewart Dresner Chief Executive, Privacy Laws and Business, Founder and First Chairman, UK's Data Protection Forum, Harrow, UK Presentation Material (Acrobat) Presentation Material (Powerpoint) Stephen Lau Chairman, EDS Hong Kong, Former Privacy Commissioner, Hong Kong, Hong Kong, China Martin Abrams, MA Senior Policy Advisor and Executive Director, Center for Information Policy Leadership, Hunton & Williams LLP, Washington, DC (Moderator)
12:30 p.m.	Networking Luncheon (Annenberg Hall)

AGENDA: Wednesday, August 20, 2008
Afternoon Day 2

HIPAA SUMMIT Afternoon Track Sessions
Afternoon Track I: Advanced Issues in HIPAA Security Compliance
1:30 p.m.	Introduction and Overview John C. Parmigiani President, John C. Parmigiani and Associates, LLC, Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Co chair) Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:15 p.m.	Out of Sight, Out of Mind: Risks of Working Offsite Kate Borten, CISSP, CISM President, The Marblehead Group, Former Chief Information Security Officer, Beth Israel Deaconess Medical Center and CareGroup, Author, HIPAA Security Made Simple and Guide to HIPAA Security Risk Analysis, Marblehead, MA Presentation Material (Acrobat) Presentation Material (Powerpoint)
3:00 p.m.	Pulling It All Together for Secure Health Information Technology (HIE) Holt Anderson Executive Director, North Carolina Healthcare, Information & Communications Alliance, Inc. (NCHICA), Research Triangle Park, NC Presentation Material (Acrobat) Presentation Material (Powerpoint)
3:45 p.m.	Break
4:15 p.m.	Risk Assessment: Key to a Successful Risk Management Program Timothy H. Rearick, MBA Affiliate Consultant, North Highland, Former Program Director, State of Florida's Health Insurance Portability and Accountability Act, Tallahassee, FL Presentation Material (Acrobat) Presentation Material (Powerpoint)
5:00 p.m.	HITSP Interoperable Standards for Privacy and Security Walter G. Suarez, MD, MPH President and Chief Executive Officer, Institute for HIPAA/HIT Education and Research, Co chair, HITSP Security, Privacy and Infrastructure Technical Committee, Alexandria, VA Presentation Material (Acrobat) Presentation Material (Powerpoint)
5:45 p.m.	Adjournment

Afternoon Track II: Advanced HIPAA Compliance Challenges Raised by Health Information Technology
1:30 p.m.	Introduction and Overview of HIT Privacy and Security Issues Gerry Hinkley, Esq. Partner and Chair, Health Information Technology Practice, Davis Wright Tremaine, Member, HIMSS HIE Steering Committee, CCHIT Privacy Expert Panel and Connecting for Health Policy Subcommittee, San Francisco, CA (Co chair)
2:00 p.m.	Advancing Interoperability: The CAQH CORE Phase II Rules-More Eligibility Data in Real Time Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS President, Boundary Information Group, Member, Board of Examiners, Health IT Certification, LLC, Past Chair, WEDI, Denver, CO Presentation Material (Acrobat) Presentation Material (Powerpoint) Gwendolyn Lohse Director of CORE, CAQH, Washington, DC Morgan Tackett, MHA, CPHIT Director, Electronic Solutions, Blue Cross Blue Shield North Carolina, Durham, NC
2:45 p.m.	eHI Consensus Legislation Project: Engaging Consumers on Privacy Gerry Hinkley, Esq. Partner and Chair, Health Information Technology Practice, Davis Wright Tremaine, Member, HIMSS HIE Steering Committee, CCHIT Privacy Expert Panel and Connecting for Health Policy Subcommittee, San Francisco, CA Janet Marchibroda Chief Executive Officer, eHealth Initiative, Washington, DC
3:30 p.m.	Break
4:00 p.m.	Privacy and Genomics Stanley Crosley Chief Privacy Officer, Eli Lilly Presentation Material (Acrobat) Presentation Material (Powerpoint) Dean Forbes Senior Director of Global Privacy, Schering-Plough Corporation Peter Blenkinsop, Esq. Secretariat and Legal Counsel, International Pharmaceutical Privacy Consortium, Washington, DC
4:45 p.m.	When Is Personal Health Record the Legal Health Record? Privacy and Legal Implications Joan Beach Privacy Official, Catholic Healthcare West, Sacramento, CA
5:30 p.m.	Adjournment

PRIVACY SYMPOSIUM Afternoon Track Sessions
Afternoon Track I: The New, New Thing in Privacy: Coming Challenges for Privacy Professionals
Part I: Introduction to the New Privacy Environment
1:30 p.m.	Overview of the New Privacy Environment James Koenig, CIPP Practice Leader, Privacy Strategy and Compliance, PricewaterhouseCoopers, Privacy Council, Direct Marketing Association, Former General Counsel, International Association of Privacy Professionals, Philadelphia, PA (Co chair)
Part II: New and Emerging Privacy Challenges and Risks
2:00 p.m.	Better Privacy Through Identity Management Jim McCabe Director, Consumer Relations and IDSP, American National Standards Institute, New York, NY Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:30 p.m.	Bringing Administrative, Legal and Technology Controls Together Lance J. Hoffman, PhD Distinguished Research Professor, Computer Science Department, George Washington University, Founder and Senior Staff Researcher, Cyberspace Security Policy and Research Institute, Washington, DC Presentation Material (Acrobat) Presentation Material (Powerpoint)
Part III: The Role of Technology in the New Privacy Environment
3:00 p.m.	From Privacy-Enabled Technology to Privacy-Enabled Architecture Stuart Shapiro, PhD Principal Information Privacy and Security Engineer, The MITRE Corporation, Co editor, U.S. Government Privacy: Essential Policies and Practices for Privacy Professionals, Bedford, MA Presentation Material (Acrobat) Presentation Material (Powerpoint)
3:30 p.m.	Managing Risks in Emergent Telecommuting Scenarios Sagi Leizerov, PhD Senior Manager, IT Enablement Center, Ernst & Young LLP, McLean, VA
4:00 p.m.	Break
Part IV: New Approaches and Frameworks for Privacy Professionals to Manage Risk
4:30 p.m.	Corporate Reputation, Not Regulation: The Case for Creating a Culture of Privacy Mitchell Merowitz Chief Privacy Officer, AIR MILES Rewards Program, LoyaltyOne, Inc., Toronto, ON, Canada
5:00 p.m.	Making Privacy Operational Michael Willett, PhD Senior Director, Seagate Research, Chair, Privacy Framework Project, International Security, Trust, and Privacy Alliance, Raleigh, NC John Sabo, CISSP Manager: Security, Privacy, Trust Initiatives, Computer Associates, President, International Security, Trust, and Privacy Alliance Member, Information Security and Privacy Advisory Board, Islandia, NY Presentation Material (Acrobat) Presentation Material (Powerpoint)
5:30 p.m.	Transferring Risk of a Privacy Event Scott Ernst Hib, Rogal and Hobbs of New York, LLC, New York, NY Paul Paray Underwriting Director, CNA Financial, New York, NY Presentation Material (Acrobat) Presentation Material (Powerpoint)
6:00 p.m.	Genetic Information Nondiscrimination Act (GINA): Intended Effect - Potential Unintended Consequences Tam Woodrum, JD Senior Director, Technology Policy and Information Security, Pfizer, New York, NY
6:30 p.m.	Adjournment

Afternoon Track II: Financial Services and Information Technology Privacy Policy
1:30 p.m.	Introduction and Overview of Financial Services Privacy: Synthesizing Financial Services Industry Privacy David Medine, Esq. Partner, WilmerHale, Former Associate Director for Financial Practices, Office of Consumer Protection, Federal Trade Commission, Former Senior Advisor, National Economic Council, The White House, Washington, DC (Co chair) Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:00 p.m.	Losing Control: Understanding the Value of Privacy after a Breach Christopher T. Pierson, PhD, JD Senior Vice President and Chief Privacy Officer, Citizens Financial Group, Inc., Providence, RI Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:30 p.m.	New Identity Theft Red Flag Rules: What Is New and How Leading Companies are Integrating into Existing Processes Lydia Payne-Johnson Manager, Financial Services Privacy Practice, PricewaterhouseCoopers, Former Chief Privacy Officer, Morgan Stanley, New York, NY Presentation Material (Acrobat) Presentation Material (Powerpoint) Peter Rabinowitz Director, Financial Services Privacy Practice, PricewaterhouseCoopers, Philadelphia, PA
3:00 p.m.	Understanding Enterprise Privacy Compliance Processes for the Financial Services Industry Dan Burks Chief Privacy Officer, US Bank John Carlson Senior Vice President, BITS, Washington, DC Susan Pandy Senior Director, Internet and Commerce, NACHA, Herndon, VA Lawrence A. Ponemon, PhD Chairman and Founder, Ponemon Institute, Adjunct Professor of Ethics and Privacy, CIO Institute, Carnegie Mellon University, Traverse City, MI (Moderator)
3:45 p.m.	Impacts on Practices and Controls from the New Financial Privacy Rules Julianne Inozemcev Partner, Financial Services Organization, Ernst & Young LLP, Boston, MA Campbell Tucker, Esq. Chief Privacy Officer, Wachovia Corporation, Charlotte, NC
4:15 p.m.	Break
4:30 p.m.	Data Breaches: Security and Privacy Lessons Learned Sue Glueck, Esq. Senior Attorney, Microsoft Corporation, Redmond, WA Adam Shostack Senior Security Program Manager, Security Development Lifecycle, Microsoft Corporation, Redmond, WA
5:15 p.m.	Turning the Tables: How Targeted Marketing by Broadband Service Providers Will Disrupt the Google Advertising Model - Privacy Implications Yaron Dori, Esq. Partner, Hogan & Hartson LLP, Washington, DC
6:15 p.m.	Adjournment

Afternoon Track III: Consumer Privacy Policy
1:30 p.m.	Introduction and Overview Martin Abrams, MA Senior Policy Advisor and Executive Director, Center for Information Policy Leadership, Hunton & Williams LLP, Washington, DC (Co chair) Charlene Brownlee, Esq. Partner, Davis Wright Tremaine, Co author, Privacy Law, Seattle, WA (Co chair)
2:00 p.m.	You Want What? -Practical Considerations in and Strategies for Sharing Personal Data in the Information Age Elizabeth Guzik Assistant Vice President and Counsel, Unum Group, Portland, ME Deb Hampson, Esq. Assistant Vice President and Assistant General Counsel, The Hartford, Simsbury, CT Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:30 p.m.	Is There a Conflict Between Fighting Identity Fraud and Protecting Privacy Rights? Jim Dempsey, Esq. Vice President for Public Policy, Center for Democracy & Technology, Former Deputy Director, Center for National Security Studies, Former Assistant Counsel, Judiciary Subcommittee on Civil and Constitutional Rights, United States House of Representatives, Author, Communications Privacy in the Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, Co author, Terrorism & the Constitution: Sacrificing Civil Liberties in the Name of National Security, San Francisco, CA Ori Eisen Founder, Chairman and Chief Innovation Officer, The 41st Parameter, Former Worldwide Fraud Director, American Express, Former Director of Fraud Prevention, VeriSign/Network Solutions, Scottsdale, AZ Presentation Material (Acrobat) Presentation Material (Powerpoint) Jameel Jaffer, Esq. Director, National Security Project, American Civil Liberties Union, New York, NY Thomas Oscherwitz, Esq. Vice President of Government Affairs and Chief Privacy Officer, ID Analytics, Inc., Former Counsel to Senator Dianne Feinstein (D-Cal.) and Staff, Judiciary Subcommittee on Terrorism, Technology, and Homeland Security, United States Senate, San Diego, CA Presentation Material (Acrobat) Presentation Material (Powerpoint) Randy Gainer, Esq. Partner, Davis Wright Tremaine, Author, The NSA's Interception of Emails and Phone Calls in the U.S. Is Unlawful, Journal of Internet Law, Seattle, WA (Moderator)
3:30 p.m.	Break
4:00 p.m.	Enterprise-Wide Approaches to Identity Theft Identification, Reduction, and Response Kristofor O'Neal, CIPP Associate, Booz Allen Hamilton, Co author, NIST Special Publication 800-35, Guide to Information Technology Security Services, McLean, VA Daniel Steinberg, CIPP Associate, Booz Allen Hamilton, McLean, VA Presentation Material (Acrobat) Presentation Material (Powerpoint)
4:30 p.m.	Privacy: Pre- and Post-Breach Jay Foley Executive Director, Identity Theft Resource Center, San Diego, CA Presentation Material (Acrobat) Presentation Material (Powerpoint)
5:00 p.m.	Consumer Attitudes Toward Behavioral Targeting David Stark, CIPP Vice President, North America Privacy Officer, TNS, Toronto, Ontario, Canada Presentation Material (Acrobat) Presentation Material (Powerpoint)
6:00 p.m.	Adjournment

Afternoon Track IV: Advanced Issues in Domestic and Global Privacy and Security Policy
1:30 p.m.	Introduction Peter J. Reid Chief Privacy Officer, EDS, Plano, TX (Co chair)
2:00 p.m.	Data Privacy...The Internal Threat of Which You May Not be Aware Eric Offenberg, CIPP World Wide Product Marketing Manager, IBM, Princeton, NJ Presentation Material (Acrobat) Presentation Material (Powerpoint)
2:30 p.m.	Understanding Privacy Regulatory Restrictions on Trans Border Data Flow Peter J. Reid Chief Privacy Officer, EDS, Plano, TX
3:00 p.m.	Data Privacy and Corporate Governance Stephen Lau Chairman, EDS Hong Kong, Former Privacy Commissioner, Hong Kong, Hong Kong, China Presentation Material (Acrobat) Presentation Material (Powerpoint)
3:30 p.m.	Break
4:30 p.m.	Developing an Enterprise Wide Privacy and Data Security Training Program Ross T. Janssen, Esq., CIPP University Privacy and Security Officer, University of Minnesota, Minneapolis, MN John Jensen Assistant Director of Privacy and Security, University of Minnesota, Minneapolis, MN
5:00 p.m.	Using Safe Harbor to Develop an Integrated, Global Assessment Approach Laurie A. Smaldon Manager, Privacy and Identity Theft Practice, PricewaterhouseCoopers, New York, NY Dean Forbes (Invited) Senior Director, Global Office of Privacy, Schering-Plough, Kenilworth, NJ
5:30 p.m.	Adjournment

8:00 p.m.

Special Workshop: A Framework for Trusted Health Information Sharing in the 21st Century
Including an Analysis of Key Privacy and Security Issues

Carol Diamond, MD, MPH
Managing Director, Health Program, and Chair, Connecting for Health, Markle Foundation, New York, NY

Gerry Hinkley, Esq.
Partner and Chair, Health Information Technology Practice, Davis Wright Tremaine, San Francisco, CA

Today, like never before, health information users, producers and services are seeking to leverage the power of the Internet to give consumers and health professionals access to vital health information. Despite consumers' desire to reap the benefits of new technologies -- including personal health records and related services - they have enduring concerns about whether private health information will be safe and secure, and those concerns have been amplified by a steady stream of news about data breaches. This session discuss how a small set of common expectations -- core privacy principles, sound network design, and oversight and accountability -- can provide a flexible and scalable policy framework and a trusted foundation for 21st century tools to evolve and innovate. The session will discuss the Connecting for Health experience creating the Common Framework for Private and Secure Health Information Exchange and its more recent work to apply the Common Framework to Networked Personal Health Information services.