AGENDA: DAY II
WEDNESDAY, MARCH 4, 2020
7:00 am
Registration Open; Networking Breakfast
MORNING PLENARY SESSION — HIPAA POLICY UPDATE & HIPAA SECURITY
8:00 am
Welcome and Introduction
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Co-Chair)
John Parmigiani is President of John C. Parmigiani & Associates, LLC. His primary focus is on helping healthcare organizations achieve and maintain compliance with healthcare regulations, in particular HIPAA and the HITECH provisions, and move toward electronic healthcare. He has over 40 years’ experience in information management systems in both the public and private sectors. His HIPAA/HITECH work has ranged from performing compliance and risk assessments and design activities to serving as an expert witness in privacy violation cases.
8:15 am
HIPAA Policy Update
Marissa Gordon-Nguyen, MPH, JD
Senior Advisor for HIPAA Policy, US Department of Health and Human Services, Washington, DC
Marissa Gordon-Nguyen is the Senior Advisor for HIPAA Policy in the Office for Civil Rights (OCR), U.S. Department of Health and Human Services (HHS). In this role, she leads the implementation of HIPAA privacy and security policies through rulemaking initiatives and the development of sub-regulatory guidance. She also advises federal agencies, advisory committees, and Congressional offices on aspects of the HIPAA Rules and their underlying privacy principles, among other responsibilities. Marissa joined OCR’s Health Information Privacy Division in 2009.
9:00 am
HITRUST CSF: A Credible Standard for Ensuring HIPAA Compliance
Uday O. Ali Pabrai, MSEE, CISSP, HITRUST (CCSFP)
Chief Executive and Co-founder, ecfirst (A HITRUST Authorized External Assessor), Irvine, CA
Ali Pabrai is the chief executive officer of ecfirst, an Inc 500 business in its first year of eligibility. A highly sought-after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. He is a keynote and featured speaker at conferences worldwide! He has consulted and advised 1000s of clients globally! He was appointed and serves as a member of the select HITRUST CSF Assessor Council and is a proud member of InfraGard (FBI).
9:30 am
Chief Security Officers Best Practices Roundtable
Frank Ruelas, MBA
Facility Compliance Professional, St. Joseph’s Hospital and Medical Center/Dignity Health, Phoenix, AZ
Frank Ruelas is a compliance professional who has become well known for his practical approach to topics and subjects within the compliance arena. He is a Facility Compliance Professional at St. Joseph’s Hospital and Medical Center in Phoenix, AZ. Frank’s focus is on maintaining the facility’s compliance program while also working to identify any additional risks or factors that may impact the program’s overall effectiveness.
Frank enjoys networking with other compliance professionals as he is a strong advocate of collaboration and its ability to help generate ideas and solutions.
Anahi Santiago, MBA
Chief Information Security Officer, Christiana Care Health System; Former Director, Information Security and Support Services, Albert Einstein Healthcare Network, Philadelphia, PA
Anahi Santiago is the Chief Information Security Officer at Christiana Care Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO she has overall responsibility for the organization’s cybersecurity and assurance program. Santiago leads a team of information security professionals in supporting CCHS’s strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety. Anahi Santiago holds a B.S. in electrical and computer engineering as well as an executive MBA from Drexel University. She also holds a Certified Information Security Manager (CISM) certification. She is an active contributor and member of several local, state and federal cybersecurity organizations including the Healthcare Sector Coordinating Council’s Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance and Philadelphia’s Women and Cybersecurity group.
Timothy Torres, MBA, CISSP, ISSMP, CISM, HCISPP
Senior Deputy Chief Information Security Officer, Sutter Health, Sacramento, CA
Timothy Torres entered healthcare twenty years ago as a programmer analyst in Information Technology. With over 15 years’ experience in information security, Timothy brings a rich perspective on how data and technology play a critical role in safe and reliable care delivery. Timothy has designed and implemented world-class data protection systems, and as a thought leader, has helped lead change in healthcare information security. Timothy is currently the Sr. Deputy Chief Information Security Officer at Sutter Health, and his leadership role includes strategy, risk and governance, privacy and information security by design, business engagement, and program effectiveness. Timothy is an author and his most recent work on medical device cybersecurity was published by the Association for the Advancement of Medical Instrumentation (AAMI). Timothy is also a member of the board of directors of HealthRight360, based in San Francisco, CA, and serves as an advisory board member for several cyber security companies.
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Moderator)
10:30 am
Transition Break
MINI SUMMIT GROUP I: 11:00 am – 12:00 pm
Mini-Summit I: Updates from the 2019 National HIPAA Compliance Benchmark Survey Report
11:00 am
Welcome, Introductions, Presentations and Q&A
Cathy Bodnar, MS
Chief Compliance and Privacy Officer, Cook County Health, Chicago, IL
Cathy Bodnar has been the Chief Compliance and Privacy Officer at Cook County Health since 2009. She is responsible for corporate compliance for the health system and CountyCare Health Plan, a subsidiary of Cook County Health. Ms. Bodnar has extensive health care experience, both clinically and administratively. As a registered nurse, she worked in various settings, from home care to intensive care, in three different countries. While working at Northwestern Memorial Hospital, Ms. Bodnar took on administration responsibilities, working in areas such as managed care contracting, health resources, physician referral, internal audit and corporate compliance. Ms. Bodnar regularly presents as a subject matter expert for compliance conferences and has been published.
Josephine N. Harriott, JD
Deputy Chief Compliance Officer, Health Sciences at Howard University, Washington, DC
Josephine Harriott is Chief Compliance Officer for Health Sciences at Howard University, where she oversees the compliance programs for Howard University Hospital, the College of Medicine physician group practice, and the College of Dentistry clinical practices. She joined Howard in 2013 as Senior Associate General Counsel after six years at a large law firm where her practice focused on health care reform/employee benefits, civil litigation and internal investigation. Josephine is a graduate of Howard University School of Law, which she attended after a successful career in managed health care and government contracts. She has written and spoken on issues related to health care regulatory compliance, health care reform and women’s career development. She is admitted to practice in Virginia and the District of Columbia.
Darlene Mitchell, MBA
Vice President of Corporate Compliance, Advantia Health, Former Director, National Compliance Programs (Lead Compliance Officer), Planned Parenthood Federation of America, Baltimore, MD
Darlene Mitchell currently serves as Vice President of Corporate Compliance for Advantia Health, a privately-held company based in Arlington, Virginia that focuses on women’s health care. Currently, Darlene provides oversight of Advantia’s healthcare compliance and HIPAA programs for its corporate headquarters, a telehealth company, and a nationwide network of physician practices. Prior to joining Advantia, Darlene served as Director of National Compliance Programs for Planned Parenthood Federation of America for six years. Darlene’s prior experience also includes serving as Chief Compliance & Audit Officer for Hunterdon Healthcare System in Flemington NJ; Director of Compliance for Johnson & Johnson; Compliance Officer for United Healthcare’s NY and NJ plans; and Director of Corporate Integrity for Piedmont Health.
Lisa Shuman, MPA, CHC, CHPC, CHRC
Consultant, Strategic Management Services, Alexandria, VA
Lisa Shuman is Certified in Healthcare Compliance (CHC), Healthcare Privacy Compliance (CHPC) and Healthcare Research Compliance (CHRC). Her work includes corporate compliance and HIPAA program development and implementation, HIPAA privacy program gap analysis and effectiveness evaluation, policy and procedure development, and training and education. Ms. Shuman has served as an Interim HIPAA Privacy Officer for several organizations.
Catie Heindel, JD, CHC, CHPC, CHPS
Managing Senior Consultant, Strategic Management Services, Alexandria, VA (Moderator)
Catie Heindel is a Managing Senior Consultant with Strategic Management, where she has been working for eleven years. She is an attorney who is certified in healthcare compliance, as well as in health care privacy and security. Ms. Heindel specializes in developing and implementing effective HIPAA Privacy and Security programs, conducting risk assessment and management activities, reviewing compliance with the HIPAA Privacy and Security regulations, and providing expert subject matter consulting services relevant to HIPAA and compliance program daily operations.
Presentation Material (Acrobat)
Reference Material (Acrobat)
Mini-Summit II: All about the California Consumer Privacy Act & Engagement with Executive Management
11:00 am
All About the CCPA: A 5-Step Guide to Complying with California’s Consumer Privacy Act
Andrew Clearwater, CIPP/E, LLM
Director of Privacy, OneTrust, Atlanta, GA
Andrew Clearwater serves as Director of Privacy at OneTrust. Mr. Clearwater is a Certified Information Privacy Professional (CIPP/US), holds an LLM in Global Law and Technology and is a licensed attorney. In his role as Director of Privacy, Clearwater provides counsel, leadership, and guidance on data protection. He is also responsible for providing public policy analysis in the areas of privacy, data security, information policy, and technology transactions.
Before joining OneTrust, Mr. Clearwater was the Privacy Officer for RxAnte. Clearwater also held privacy roles at the Future of Privacy Forum, as well as the Network Advertising Initiative. In addition, he made contributions to the NTIA mobile application transparency discussion, helped launch a privacy seal program for companies that use consumer energy data, participated as a member of the W3C Tracking Protection Working Group, and taught as an adjunct professor of privacy and technology law at the University of Maine.
11:30 am
Engagement with Executive Management: How to Arm Compliance and Privacy Professionals with Specific Data that Informs Decision Making
Daniel Fabbri, PhD
Founder and Chief Executive Officer, Maize Analytics; Assistant Professor of Biomedical Informatics and Computer Science, Vanderbilt University, Nashville, TN
Dr. Fabbri is the Founder and CEO of Maize Analytics, as well as an Assistant Professor of Biomedical Informatics and Computer Science at Vanderbilt University. His research focuses on machine learning applied to electronic medical records, clinical data and data privacy. Dr. Fabbri’s research has been sponsored by the National Science Foundation, National Institutes of Health and U.S. Department of Defense. His research on machine learning in healthcare and data privacy has been published in JAMA Internal Medicine, the Journal of the American Medical Informatics Association, Journal of Pediatrics, International Journal of Medical Informatics, and multiple other computer science proceedings.
Margaret Hambleton, MBA, CHC, CHPC
President, Hambleton Compliance LLC; Former Vice President, Chief Compliance Officer, Dignity Health; Former Senior Vice President, Ministry Integrity, Chief Compliance Officer, St. Joseph Health System, Valencia, CA
Margaret Hambleton has over twenty years of experience in healthcare compliance, including roles as Chief Compliance Officer for large integrated health systems providing services in multi-state geographies. She is recognized as an industry thought leader and speaker, including addressing the US Senate Finance Committee and other government agencies. Margaret is also the past President and current member of the Board of Directors of the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), supporting and promoting integrity programs nationally and internationally.
Mini-Summit III: Value-Based Care Initiatives & Quality Improvement and Analytics
11:00 am
HIPAA and Compliance in the World of Value-Based Care Initiatives
Gerald Rupp, MS, PhD
Chief Innovation Officer, Fusion5 Healthcare Solutions; Former Director of Research & Payment Innovation, Signature Medical Group; Former Vice President for Research, Executive Director, Institute for Science and Health, Saint Charles, MO
Jerry Rupp has over 25 years of experience in a wide range of healthcare-related activities. As a healthcare executive, he has co-developed and co-administered programs focused on healthcare delivery and payment-model reforms, including bundled payments. He also provided oversight, guidance, and operational structure for a highly successful Maternity Care Home care management program to address psychosocial needs for high-risk Medicaid mothers and their children. Jerry has also served in an advocacy role for the Centers for Medicare and Medicaid Services and the Innovation Center, provided information to legislators, and advocated for reform in healthcare delivery and payment policy. Previously, Jerry served as Executive Director and VP of Research at the Institute for Science and Health. In addition to his experience as a healthcare executive and scientist/researcher, Jerry served as a professor of anatomy and has authored over 30 peer-reviewed research articles.
11:30 am
Advancing Privacy through Quality Improvement and Analytics
Elizabeth Delahoussaye, RHIA, CHPS
Chief Privacy Officer, Ciox Health; Former Speaker of the House of Delegates, AHIMA, Alpharetta, GA
Elizabeth Delahoussaye is the Chief Privacy Officer for Ciox Health, with corporate headquarters located in Alpharetta, GA. Elizabeth has served on the AHIMA Board of Directors and was the Speaker of the House of Delegates in 2016. She has also served as a representative for THIMA on the AHIMA House of Delegates, as well as President-Elect and President for THIMA from 2008-2010. Elizabeth has served on various committees at the national level with AHIMA, including as co-chair of the AHIMA ROI Tool Kit in 2013 and on the AHIMA Annual Program Committee in 2014-2015, and is currently serving on the AHIMA Privacy and Security Council. In 2013 she received the THIMA Distinguished Member Award for her many years of volunteering on both the state and national level.
Mini-Summit IV: Effective HIPAA Risk Assessments & HIPAA Compliance in the Public Sector
11:00 am
Performing Effective HIPAA Risk Assessments; Dos and Don’ts
Matt Farry, CISM, CEH
Cybersecurity Services Manager, GreyCastle Security, Saratoga Springs, NY
Matt Farry is the Cybersecurity Service Manager at GreyCastle Security with over 10 years of experience in a variety of information security domains including governance, risk and compliance (GRC), audit, vulnerability management and incident response. At GreyCastle, Matt specializes in organizational risk management, remediation guidance, and program implementation based on industry standards and regulations including HIPAA, NIST SP800-53, ISO 27001 and 27002, SOC2, PCI, and many others.
11:30 am
Untangling HIPAA Compliance in the Public Sector
Tina L. Curtis, CIPP, CCSA
City-wide Privacy and Security Official and Director of the Office of Privacy and Confidentiality, Office of the Attorney General, District of Columbia, Washington, DC
Tina Curtis serves as Assistant Attorney General and City-wide Privacy and Security Official/Director of the Office of Privacy and Confidentiality, within the Office of the Attorney General for the District of Columbia. In this role, she provides advice on data protection and data sharing, oversees government agency privacy and security offices and ensures the privacy of critical technologies. Her office is also responsible for investigations, data sharing design, implementations, audits, contractor standards, policy development, technology reviews and training. Prior to serving in her current position, Ms. Curtis served as an attorney at the DC Department of Insurance Securities and Banking, where she regulated health insurance companies. She also served as the former Secretary for the Institute of Electrical and Electronics Engineers’ (IEEE) Privacy PAR Working Group and as the Chair of the Minority Business Opportunities Commission for Prince George’s County, Maryland.
Judith D. Thompson, CCSA
Deputy City Attorney and HIPAA Specialist, Los Angeles City Attorney’s Office, Los Angeles, CA
Ms. Thompson is an attorney with 30 years’ experience as a litigation and advisory attorney. She is a Deputy City Attorney with the Office of the City Attorney for the City of Los Angeles and her assignment for the past 12 years has been as Advisor for the office on compliance with the Health Insurance Portability and Accountability Act [HIPAA] and related privacy laws. In this assignment, Ms. Thompson advises several city departments on HIPAA-related issues and, as an Advisor to a municipal client, Ms. Thompson must balance HIPAA privacy concerns against municipal concerns for transparency/accountability and the ongoing need to address civic issues such as mental illness and homelessness. Since joining the City Attorney’s Office 25 years ago, Ms. Thompson has handled dozens of criminal and civil jury trials and appeals in California courts ranging from trial courts and appellate courts to the California Supreme Court.
12:00 pm
Networking Luncheon and Presentations
MINI SUMMITS: GROUP II 12:15 pm – 1:15 pm
Mini-Summit V: Healthcare Compliance Analytics: Leveraging the Right People and Data to Get Meaningful Reports
12:15 pm
Welcome, Introductions, Presentations and Q&A
Teresa Burns
Director of Professional Services and Privacy Officer, Protenus, Former Deputy Privacy Officer, Johns Hopkins Health System Corporation, Baltimore, MD
Ms. Burns is currently employed as the Director of Professional Services and Privacy Officer for Protenus, a data analytics company that focuses on health data security and building trust in healthcare. She has extensive experience with HIPAA compliance efforts in hospital and health system settings.
Her prior experience includes litigation management and investigation and contract drafting and negotiating. Ms. Burns’ specialties involve HIPAA and privacy compliance, contract negotiation, litigation management, commercial and employment litigation and transactional work/mergers & acquisitions.
Nick Culbertson, MD
Chief Executive Officer, Protenus, Baltimore, MD
Nick Culbertson served eight years in the US Army and completed his service as a highly-decorated Special Forces operator (Green Beret). He was awarded two bronze stars during his service, one for extraordinary valor. Nick attended the Johns Hopkins University School of Medicine where he and co-founder Robert Lord saw firsthand how electronic medical records are used to improve patient care and share data more efficiently. They also observed that the electronic medical record created a whole new slate of serious security and privacy concerns. In 2014, Nick and Robert developed the initial prototype and algorithms that launched Protenus, fulfilling a critical need to better protect patient data in electronic health records. Previously, Nick was a biomedical researcher at Johns Hopkins University, where he participated in a variety of studies including synthetic biology, cellular engineering, and clinical outcomes. Nick helps run The 6th Branch, a veteran-led community service organization in East Baltimore.
Amy Dingus, MSHA, CHC, CHPC
System Privacy Officer, Yale New Haven Health, New Haven, CT
Amy Dingus serves as the System Privacy Officer for Yale New Haven Health System. In her current role, she oversees the corporate privacy compliance program for the YNHHS delivery networks, including Bridgeport, Greenwich, Lawrence + Memorial, Yale New Haven and Westerly hospitals, as well as Northeast Medical Group, a physician foundation of primary care and medical specialists. Ms. Dingus maintains certification in healthcare compliance (CHC) and healthcare privacy compliance (CHPC) through HCCA.
MaryBeth Ireland
Chief Privacy Officer, Inova Health System, Falls Church, VA
Mini-Summit VI: Patchwork of Federal and State Privacy Rules & HIPAA, CCPA and Other Potential State Laws & New Burdens on Medical Research and De-Identified Data
12:15 pm
The Patchwork of Federal and State Privacy Rules for Health Information: What Health Care Providers, Health Plans, and Vendors Handling Health Information Need to Know and Do Now
Thora A. Johnson, JD
Partner and Chair of Healthcare Practice, Venable, LLP, Baltimore, MD
Thora Johnson chairs Venable’s Healthcare Initiative. She provides counsel on regulatory, compliance, tax, and business matters impacting healthcare providers, hospitals, continuing care retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. In addition, Thora has extensive experience in health and welfare plan compliance, including the regulatory requirements of the Employee Retirement Income Security Act (ERISA), the Internal Revenue Code, federal and state healthcare coverage continuation laws, the Mental Health Parity and Addiction Equity Act, the Genetic Information Nondiscrimination Act, the regulations under the Americans with Disabilities Act (ADA) applicable to employer wellness programs, and the Affordable Care Act (ACA).
Erika Riethmiller, MS, CIPP/US, CISM, CPHRM
Chief Privacy Officer and Sr. Director of Privacy Strategy, University of Colorado Health; Former Director of Corporate Privacy, Anthem; Former Privacy Officer, State of Colorado, Department of Health Care Policy and Financing, Aurora, CO
Erika Riethmiller is the Chief Privacy Officer & Senior Director of Privacy Strategy for University of Colorado Health. Previously, she was the Director of Corporate Privacy for Anthem, Inc. and the Privacy Officer for The State of Colorado, Department of Health Care Policy & Financing. She is a past president and board member of the Colorado Healthcare Associate Risk Managers.
David Holtzman, JD, CIPP
Executive Advisor, CynergisTek, Inc.; Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX (Moderator)
David Holtzman is an executive advisor for CynergisTek. He is considered a subject matter expert in policy issues involving the safeguarding of personally identifiable information with a focus on compliance with state and federal requirements like the HIPAA Privacy, Security and Breach Notification Rules. Prior to CynergisTek, Holtzman served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives including integration of the administration and enforcement of the HIPAA Security Rule, and health information technology policies. David has two decades of experience in developing, implementing and evaluating health information privacy and security compliance programs for both government and private sector organizations. He is a member of the HHS “CISA 405-d Workgroup” and the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council.
12:45 pm
Harmonization Horizon: HIPAA, CCPA and Other Potential State Laws — New Burdens on Medical Research and De-Identified Data?
Daniel Barth-Jones, MPH, PhD
Assistant Professor of Clinical Epidemiology, Mailman School of Public Health, Columbia University, New York, NY
Daniel Barth-Jones is an Assistant Professor of Clinical Epidemiology on the faculty of the Department of Epidemiology at Columbia University who specializes in statistical disclosure control implementation under the HIPAA Privacy Rule provisions for Expert Determinations of de-identification. His work is focused on the importance of properly balancing competing goals of protecting patient privacy and preserving the accuracy of scientific research and statistical analyses conducted with de-identified data. Dr. Barth-Jones is also an internationally recognized infectious disease/HIV epidemiologist who has worked with the World Health Organization, UNAIDS and the U.S. CDC in the areas of theoretical population vaccinology, infectious disease epidemic modeling/simulation, and health economic evaluations of public health policies for vaccination and preventative interventions.
Ann Waldo, JD
Principal, Waldo Law Offices, PLLC; Former Chief Privacy Officer, Lenovo; Former Chief Privacy Officer, Hoffmann-La Roche, Washington, DC
Ann Waldo is the Principal in the boutique law firm of Waldo Law Offices in Washington, DC. She provides legal counsel and government advocacy regarding health data privacy and strategy. She has worked as Chief Privacy Officer for Lenovo, Chief Privacy Officer at Hoffmann-La Roche, Public Policy at GlaxoSmithKline, in-house counsel at IBM, and commercial litigation. Ann has a JD from UNC Law School with high honors. She is licensed to practice law in DC and North Carolina and is a member of the Bar of the U.S. Supreme Court. She is passionate about health data and innovation.
Mini-Summit VII: Data Brokers & HIPAA Safeguards in a Multi-Cloud Environment
12:15 pm
Nagging HIPAA Issues that just Don’t go Away
Lyra Correa, JD
Associate, Davis Wright Tremaine, Former Contract Specialist, Centers for Medicare & Medicaid Services, Former Health Information Privacy Extern, Office for Civil Rights, DHHS, Washington, DC
Presentation Material (Acrobat)
12:45 pm
HIPAA and SAMHSA: Can the tension between treatment coordination and privacy protection goals be harmonized?
Tina Grande, MHS
Executive Vice President, Policy and Chair, Confidentiality Coalition, Healthcare Leadership Council, Washington, DC
Tina Olson Grande is Executive Vice President for Policy for the Healthcare Leadership Council (HLC), a coalition of chief executives of the nation’s leading healthcare companies and organizations. HLC advocates for consumer-centered health reform, emphasizing the value of private sector innovation. She is also the Chair of the Confidentiality Coalition. Ms. Grande had previously served as HLC’s Policy Director. She is the Co-Chair of the Workgroup for Electronic Data Interchange’s (WEDI’s) Security and Privacy workgroup and was Vice Chair of the Health Data Consortium’s Policy Committee. Previously, Ms. Grande was Health Policy Director for Arnold & Porter LLP. Ms. Grande launched the Medicare Advisory Group, Inc. and began her career in health policy working for Senator Dave Durenberger (MN). She also worked for the Health Care Advisory Board and Patton Boggs LLP, and was Research Director at the Institute for the Future in California.
Nancy L. Perkins, MPP, JD
Counsel, Arnold & Porter, Washington, DC
Nancy Perkins focuses her practice on litigation, regulatory compliance, and consulting on emerging policy issues, with a principal focus on data privacy and security. Ms. Perkins regularly advises clients on compliance with a wide range of data protection requirements at the federal and state levels, including rules applicable to online communications and transactions as well as all types of uses and disclosures of medical, financial, and other sensitive personal information.
Ms. Perkins served as a law clerk to the Honorable Eugene H. Nickerson of the US District Court for the Eastern District of New York from 1987 to 1988. She is a member of the American Law Institute and serves on the Executive Council of the American Society of International Law and the Steering Committee of the International Law Section of the District of Columbia Bar.
Mini-Summit VIII: HIPAA and Social Media & Diversity in Security
12:15 pm
HIPAA and Social Media
Cathy A. Jefferson, MBA, CHC
Compliance Officer, UH Physician Services, Compliance and Ethics Department, University Hospitals Management Services Center, Shaker Heights, OH
Cathy Jefferson is currently serving as Compliance Officer for University Hospitals Physician Services (UHPS) at University Hospitals. Ms. Jefferson has 25 years of experience working in the healthcare industry.
12:45 pm
Diversity in Security: Attracting a Diverse Security Workforce
Jana Courmier
Vice President, Privacy, Compliance and Accreditation, Tivity Health; Former Senior Privacy Officer, Healthways; Former Chief Privacy Officer, IASIS Healthcare, Spring Hill, TN
Jana Courmier is a healthcare professional with extensive experience in healthcare compliance and privacy. In her current role at Tivity Health, Jana is focused on maturing the privacy and compliance programs which support Tivity’s healthcare and nutrition business units. As the former corporate Chief Privacy Officer of a healthcare system in the greater Nashville area and with her experience as a Compliance & Privacy Officer in the hospital-setting, she brings a well-rounded view of privacy and compliance functions in healthcare. Jana holds the following certifications: CHC (Certified in Healthcare Compliance) and CHP (Certified in Healthcare Privacy).
Lauret Howard
Chief Executive Officer, Watchtower Consulting; Former Chief Risk Officer, NASCO, Atlanta, GA
As the Chief Risk Officer for NASCO, Lauret Howard formulated and instituted the company’s risk management and cybersecurity program, propelling NASCO to achieve SOC2 and HITRUST certifications, well ahead of many organizations within the healthcare IT industry. During her 30-year tenure with NASCO, Lauret became NASCO’s first female executive and went on to hold numerous senior leadership roles, including developing and growing NASCO’s consulting practice, serving as Chief Financial Officer, and leading NASCO’s strategy development and execution. In addition, Lauret served on the NASCO Board of Directors as corporate secretary for 16 years. After her recent retirement from NASCO, Lauret launched Watchtower Consulting, which focuses on business, risk management and security strategy development and implementation planning. She is a member of the Technology Association of Georgia (TAG) and Women in Technology (WIT). Lauret is the President of the Atlanta Chapter of the Association for Strategic Planning (ASP) and is a certified Strategy Management Professional.
Anahi Santiago, MBA
Chief Information Security Officer, Christiana Care Health System; Former Director, Information Security and Support Services, Albert Einstein Healthcare Network, Philadelphia, PA
Anahi Santiago is the Chief Information Security Officer at Christiana Care Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO she has overall responsibility for the organization’s cybersecurity and assurance program. Santiago leads a team of information security professionals in supporting CCHS’s strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety. Anahi Santiago holds a B.S. in electrical and computer engineering as well as an executive MBA from Drexel University. She also holds a Certified Information Security Manager (CISM) certification. She is an active contributor and member of several local, state and federal cybersecurity organizations including the Healthcare Sector Coordinating Council’s Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance and Philadelphia’s Women and Cybersecurity group.
Maliha Charania, MS, MIS
Manager, IT Risk Management, Meditology Services LLC, Atlanta, GA (Moderator)
Maliha Charania is a Manager, IT Risk Management with Meditology Services, which was rated 2019 Best in KLAS: Cybersecurity Advisory Services, an independent healthcare IT research report. She has designed and implemented numerous global IT security initiatives in both healthcare and academia. She has extensive technical security knowledge and has served as a Subject Matter Expert in matters of IT security and compliance for many healthcare providers, business associates, and payers of varying sizes and across the world.
1:15 p.m.
Transition Break
MINI SUMMITS: GROUP III: 1:30 pm – 2:30 pm
Mini Summit IX: Building a Proactive Privacy Program & Data is Worth More than Gold: Finding & Fixing Hidden Cyber Risks
1:30 pm
Building a Proactive Privacy Program: Lessons Learned in Prioritization and Socialization
Angela Alton, MPA, CHPC, CHC
Vice President and Privacy Officer, Ann & Robert H. Lurie Children’s Hospital of Chicago; Former Deputy Chief Privacy Officer, Bay Area, Sutter Health, Chicago, IL
Angela Alton has worked in healthcare for over twenty years. For the past fifteen years Angela has focused on the areas of information privacy, security and regulatory compliance. Currently, Angela is Vice President, Privacy Officer for Ann & Robert H. Lurie Children’s Hospital of Chicago where she provides direction and oversight for all facets of the privacy program. Prior to this, Angela served as the Deputy Chief Privacy Officer, Bay Area, for Sutter Health in California.
Elizabeth Hernandez, JD
Senior Privacy Analyst, Ann & Robert H. Lurie Children’s Hospital of Chicago, Chicago, IL
Liz Hernandez works as the Senior Privacy Analyst at the Ann & Robert H. Lurie Children’s Hospital of Chicago. Prior to Lurie Children’s, Liz worked as a privacy analyst in the Corporate Compliance Department of Edward-Elmhurst Health in Naperville, IL.
2:00 pm
Data is Worth More than Gold: Finding & Fixing Hidden Cyber Risks
Mike Semel, CHA, CHP, CHSP, CSCS, CBCP
President, Semel Consulting LLC; Author, How to Avoid HIPAA Headaches; Former Chief Information Officer, Schuyler Hospital, Las Vegas, NV
Mike Semel is a noted thought leader, speaker, blogger, and best-selling author. He is the President and Chief Security Officer of Semel Consulting, focused on HIPAA and other regulations; cyber security; and Business Continuity planning. Mike is a Certified Business Continuity Professional through the Disaster Recovery Institute, a Certified HIPAA Professional, Certified Security Compliance Specialist, and co-author of the Certified HIPAA Security Professional (CHSP) certification course. He has owned or managed technology companies for over 30 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company. Mike has spoken to many audiences including the medical team at the Kennedy Space Center, the National HIPAA Summit, and the New York State Cyber Security conference. He is the best-selling author of How to Avoid HIPAA Headaches.
Mini-Summit X: Privacy Enforcement Activity by State Attorneys General & Practical Application of 42 CFR Part 2
1:30 pm
The New Kids on the HIPAA Block: Privacy Enforcement Activity by State Attorneys General
Joseph Lurin, MBA, CHC, CIPP
Vice President, Corporate Compliance and Privacy Officer, EmblemHealth, Former Regulatory Compliance and Privacy Manager, Group Health Inc., New York, NY
Joseph Lurin is the Vice President, Corporate Compliance for the EmblemHealth Family of Companies. Joseph serves as the company’s Privacy Officer and is responsible for leading the company’s privacy strategy. EmblemHealth is one of the nation’s largest not-for-profit health insurers, serving more than three million people in the New York tristate area. EmblemHealth’s family of companies includes ConnectiCare, one of Connecticut’s leading health plans; AdvantageCare Physicians, a primary and specialty care practice; WellSpark, a digital wellness company; and Neighborhood Care, addressing social determinants of health face to face in the neighborhoods of the five boroughs.
Jaime Pego, JD
Managing Director, KPMG LLP, Short Hills, NY
Jaime Pego is a Managing Director in KPMG’s Forensic Risk & Consulting Practice. She has more than 15 years of experience delivering compliance advisory services, including HIPAA risk assessments, billing/coding reviews, and compliance program effectiveness reviews, to a wide range of healthcare clients. She also serves as the National HIPAA Privacy Managing Director at KPMG and worked on the engagement with the Office for Civil Rights to develop the HIPAA Privacy Audit Protocol. Jaime previously served as a local compliance officer at a health system in New Jersey in addition to having practiced health law.
Thora A. Johnson, JD
Partner and Chair of Healthcare Practice, Venable, LLP, Baltimore, MD
Thora Johnson chairs Venable’s Healthcare Initiative. She provides counsel on regulatory, compliance, tax, and business matters impacting healthcare providers, hospitals, continuing care retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. In addition, Thora has extensive experience in health and welfare plan compliance, including the regulatory requirements of the Employee Retirement Income Security Act (ERISA), the Internal Revenue Code, federal and state healthcare coverage continuation laws, the Mental Health Parity and Addiction Equity Act, the Genetic Information Nondiscrimination Act, the regulations under the Americans with Disabilities Act (ADA) applicable to employer wellness programs, and the Affordable Care Act (ACA).
2:00 pm
Practical Application of 42 CFR Part 2: Supporting SUD Providers to do their Job with Confidence
Michael Graziano
Project Director, Center of Excellence for Protected Health Information, New York, NY
Michael Graziano serves as the Project Director for the Center of Excellence for Protected Health Information (CoE-PHI) at CAI. He is certified as a Healthcare Improvement Advisor by the Institute for Healthcare Improvement (IHI). Mr. Graziano has over 20 years of experience working in healthcare settings, including hospital systems, behavioral health and SUD treatment organizations, and city health departments.
Prior to his work at CAI, Mr. Graziano served as Vice President of Strategic Analysis and Information Management at a non-profit organization in New York City. Prior to that, he was Assistant Director of Quality Improvement at a hospital system in New York City, where he oversaw implementation of quality and patient safety initiatives, and supported regulatory compliance.
Jennifer Lohse, JD
Vice President and General Counsel, Hazelden Betty Ford Foundation; Former General Counsel, Chief Compliance Officer, and Corporate Secretary, Center for Diagnostic Imaging, Minneapolis, MN
Ms. Lohse joined the Hazelden Betty Ford Foundation in 2014 and holds the positions of vice president, general counsel, chief compliance officer and corporate secretary. She is responsible for the legal, risk management, compliance, and health information management functions. She is a member of the executive leadership team, and is a direct advisor to the Board of Trustees and several board committees. In this role, Jennifer oversees Hazelden Betty Ford’s legal activities, as well as ethics, compliance and regulatory affairs. She has an expansive comprehension of healthcare operations and routinely advised on multi-state and federal matters, including operational implementations, policies and procedures, contract review and negotiation, governance/corporate, privacy (HIPAA and 42 CFR Part 2), fraud and abuse, licensure and accreditation, billing, internal investigations, mandated reporting, and other matters concerning operations.
Jacqueline Seitz, JD
Health Privacy Lead, Center of Excellence for Protected Health Information; Staff Attorney, Legal Action Center; Former Excelsior Fellow, Justice Center for the Protection of People with Special Needs, New York, NY
Jacqueline Seitz, staff attorney at Legal Action Center (LAC), is the Health Privacy Lead at the SAMHSA-funded Center of Excellence for Protected Health Information. At the Center of Excellence, she provides technical assistance and creates content for resources and trainings regarding federal health privacy protections for substance use disorder treatment records and mental health records. Prior to joining LAC, Jacqueline worked at the NYS Justice Center for the Protection of People with Special Needs.
Mini-Summit XI: Scalable Vendor Due Diligence & Protecting Patient Data in the Medical Imaging Ecosystem
1:30 pm
Scalable Vendor Due Diligence: How to Effectively Evaluate Business Associates
Mark Joseph Fox, CHC, CHPC, CHRC
Privacy and Research Compliance Officer, American College of Cardiology, Washington, DC
Mark Fox currently serves as the Privacy and Research Compliance Officer of the American College of Cardiology. Mark is responsible for oversight of the College’s privacy infrastructure and all areas of research compliance. Mark has overseen the development of the privacy infrastructure for the National Cardiovascular Data Registry. Prior to ACC, Mark worked for MedCath as an Implementation Specialist overseeing the standardization of systems for Performance Improvement, and Risk Management for thirteen acute care hospitals. Mark has both clinical experience as an Emergency Medical Technician and data management experience. He currently holds certifications in Healthcare Compliance, Healthcare Privacy Compliance, and Healthcare Research Compliance.
2:00 pm
Protecting Patient Data in the Medical Imaging Ecosystem
David Alfonso
Senior Solutions Implementation Manager, Philips, Orlando, FL
David Alfonso is an IT leader with 25 years of experience in software development, network engineering, systems administration, information security, project management, process improvement and solution architecture. Mr. Alfonso has worked with major employers including Philips Healthcare, The Walt Disney Company, McKinsey & Co, Goldman Sachs, University of Central Florida and Learning Tree International (InfoSec Instructor). He is very passionate about coaching/mentoring colleagues and industry peers in best practices and standards at universities, employer-led workshops and professional organizations such as the Project Management Institute.
Michael Ekstrom
Senior Cybersecurity Engineer, MITRE, Rockville, MD
Michael Ekstrom is a senior cybersecurity engineer at the National Cybersecurity Federally Funded Research and Development Center, operated by the MITRE Corporation, in support of the National Cybersecurity Center of Excellence. He supports the Data Integrity and Data Confidentiality projects, as well as the NCCoE’s work in the hospitality sector.
Jon Moore, MS, JD
Chief Risk Officer and Senior Vice President of Professional Services, Clearwater Compliance, Nashville, TN
Jon Moore, Chief Risk Officer and Senior Vice President of Professional Services at Clearwater, works with healthcare leaders to safeguard their patients’ health, health information, corporate capital and earnings through strong proactive privacy and information/cyber risk management programs. After spending over two decades working in healthcare, technology and law, Jon understands what it takes to manage the growing complexity and risk associated with our industry’s increasing investment in and reliance on technology. It is not control checklists and point solutions, but instead, an enterprise-wide approach to cyber risk management including well-designed governance, process, and technology solutions. Previously, Jon was at PricewaterhouseCoopers LLP (PwC) where he was a leader of PwC’s Federal Healthcare Practice, Federal Practice IT Operational Leader, and member of the Federal Practice Operations Leadership Team. He is a member of the AHLA, ISC2 and ISACA, is a HCISPP and holds an ITIL Foundation Certification.
Mike Nelson
Vice President, IoT Security, DigiCert; Former Director, National Electronic Health Records Initiative, US Department of Health and Human Services, Lehi, UT
Mike Nelson is the VP of IoT Security at DigiCert, a leader in digital security. In this role, Mike oversees the company’s strategic IoT market development for critical infrastructure industries. Mike frequently consults with organizations, contributes to media reports, and speaks at industry conferences about how technology can be used to improve cybersecurity for connected systems. Before DigiCert, Mike spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners. Mike’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.
Sue Wang, MS
Principal Cybersecurity Engineer, MITRE/National Cybersecurity Center of Excellence, Rockville, MD
Sue Wang is the Principal Cybersecurity Engineer at MITRE/National Cybersecurity Center of Excellence. She was previously the Technology Manager at Thomson Reuters, Senior Software Engineer at Thomson Financial and a Senior System Architect at the University of Maryland.
Jennifer Cawthra, PMP
NCCoE Lead for Data Security and Healthcare Projects, National Institute of Standards and Technology, Rockville, MD (Moderator)
Presentation Material (Acrobat)
Mini-Summit XII: NIST Cybersecurity Framework & LoProCo
1:30 pm
Five Years Later: Is it Time for Healthcare to Look at the NIST Cybersecurity Framework to Support HIPAA Compliance?
Jon Moore, MS, JD, HCISPP
Chief Risk Officer, Clearwater Compliance LLC, Sarasota, FL
Jon Moore, Chief Risk Officer and Senior Vice President of Professional Services at Clearwater, works with healthcare leaders to safeguard their patients’ health, health information, corporate capital and earnings through strong proactive privacy and information/cyber risk management programs. After spending over two decades working in healthcare, technology and law, Jon understands what it takes to manage the growing complexity and risk associated with our industry’s increasing investment in and reliance on technology. It is not control checklists and point solutions, but instead, an enterprise-wide approach to cyber risk management including well-designed governance, process, and technology solutions. Previously, Jon was at PricewaterhouseCoopers LLP (PwC) where he was a leader of PwC’s Federal Healthcare Practice, Federal Practice IT Operational Leader, and member of the Federal Practice Operations Leadership Team. He is a member of the AHLA, ISC2 and ISACA, is a HCISPP and holds an ITIL Foundation Certification.
2:00 pm
LoProCo: From Impermissible Access, Acquisition, Use, or Disclosure (AAUD) to Breach…Or Not
Frank Ruelas, MBA
Facility Compliance Professional, St. Joseph’s Hospital and Medical Center/Dignity Health, Phoenix, AZ
Frank Ruelas is a compliance professional who has become well known for his practical approach to topics and subjects within the compliance arena. He is a Facility Compliance Professional at St. Joseph’s Hospital and Medical Center in Phoenix, AZ. Frank’s focus is on maintaining the facility’s compliance program while also working to identify any additional risks or factors that may impact the program’s overall effectiveness.
Frank enjoys networking with other compliance professionals as he is a strong advocate of collaboration and its ability to help generate ideas and solutions.
2:30 p.m.
Transition Break
AFTERNOON PLENARY SESSION – HIPAA, HITECH AND HEALTH REFORM
3:00 p.m.
Introductions and the Role of Health Care in the National Legislative Debate
Kirk J. Nahra, JD
Partner and Co-Chair, Cybersecurity and Privacy Practice, WilmerHale, Fellow, The Cordell Institute for Policy in Medicine & Law, Adjunct Professor, Washington College of Law, American University, Washington, DC (Co-Chair)
Mr. Nahra is a partner with WilmerHale in Washington, D.C., where he specializes in privacy and information security litigation and counseling, along with a variety of health care and compliance issues and is co-chair of the firm’s Cybersecurity and Privacy Practice.
He is a member of the Board of Directors of the International Association of Privacy Professionals and editor of Privacy Advisor. He is also a founding Board Member of the Privacy Bar Section of the IAPP and is a Certified Information Privacy Professional. He served as the Co-Chair of the Confidentiality, Privacy and Security Workgroup.
He currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology.
3:30 p.m.
The Role that Privacy Policy Plays in the Initiative to Permit Patients with Complete Control of their Health Data
Deven McGraw, JD
General Counsel and Chief Regulatory Officer, Citizen Corporation; Former Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services; Former Director, Health Privacy Project, Center for Democracy & Technology, Redwood City, CA
Deven McGraw is the General Counsel and Chief Regulatory Officer for Citizen Corporation. She was previously the Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR) and is the Acting Chief Privacy Officer for the HHS Office of the National Coordinator for Health IT (ONC). She is a well-respected expert on the HIPAA Rules and brings to her positions a wealth of experience in both the private sector and the non-profit advocacy world. Prior to joining HHS, she was a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP. She previously served as the Director of the Health Privacy Project at the Center for Democracy & Technology, and as the Chief Operating Officer at the National Partnership for Women & Families, where she provided strategic leadership and substantive policy expertise for the Partnership’s health policy agenda.
4:00 p.m.
FTC Privacy Enforcement Update
Elisa K. Jillson, JD
Attorney, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, Washington, DC
Elisa Jillson is an attorney in the FTC’s Division of Privacy and Identity Protection in the Bureau of Consumer Protection, where she works on policy matters, investigations, and litigation related to privacy and data security. Elisa was previously an attorney in the FTC’s Division of Enforcement, in the Bureau of Consumer Protection, where she worked primarily on order enforcement and litigation related to advertising, privacy, and data security. She has also lectured on privacy as part of a consumer protection course at George Mason University’s Scalia Law School. Before joining the FTC, Elisa was an associate at Sidley Austin LLP in Washington, DC.
4:30 p.m.
FBI Cyber Security Keynote
Chris Wheat
Intelligence Analyst, Federal Bureau of Investigation (FBI), Washington, DC
Chris Wheat is an Intelligence Analyst with the FBI’s Cyber Division in Chantilly, Virginia. As a member of the Major Cyber Crimes Intelligence Unit, Chris is the primary analyst covering the ransomware threat.
Prior to joining the FBI, Chris served as Communications Director for a member of the California State Assembly in Sacramento, where he also covered health care policy.
5:00 p.m.
Information Blocking
Mark Knee, JD
Senior Policy Advisor, Office of Policy, Office of the National Coordinator for Health Information Technology (ONC), Washington, DC
Mark Knee is a Senior Policy Advisor with the Office of the National Coordinator for Health Information Technology (ONC), Office of Policy, where he works on federal health IT policy and regulatory affairs. Prior to coming to ONC, Mark worked with the U.S. Office of Personnel Management, U.S. Environmental Protection Agency, and U.S. Department of Justice. Mark was a 2011 Presidential Management Fellow.
5:30 p.m.
Application Programming Interface (API)
Bettina Experton, MD, MPH
President and Chief Executive Officer, Humetrix; Adjunct Professor of Medicine, UC San Diego School of Medicine; Chair, Health & Fitness Technology Division HIPAA Work Group, Consumer Technology Association, Del Mar, CA
Dr. Bettina Experton is the CEO of HUMETRIX, a digital health company she founded, offering patient-facing mobile health applications used worldwide, starting with the iBlueButton mobile PHR application. iBlueButton was the first CMS approved native mobile application to access the Medicare Blue Button 2.0 API for use by 61 million Medicare beneficiaries, and is one of three applications approved by the Department of Veterans Affairs (VA) to access the new VA health API for use by 9 million Veterans, for them to have their critical health information in their hands at all times to receive safer and more cost-effective healthcare. A physician trained in Internal Medicine, Pediatrics and Public Health, and a data scientist turned Health IT entrepreneur, Bettina has been a strong advocate for patient empowerment with access to their data. She is a former State of California Public Health Officer, and is an adjunct professor of Medicine at the University of California San Diego School of Medicine.