AGENDA: DAY II
TUESDAY, MARCH 23, 2021
DAY II MORNING MINI SUMMITS
MINI SUMMITS ROUND I: 10:00 am – 11:00 am EDT
Mini-Summit 1: Workforce Training: HIPAA Privacy Basics
10:00 am EDT
Introduction and Discussion
Adam Greene, JD, MPH
Partner and Co-chair, Health Information, & HIPAA Practice, Davis Wright Tremaine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Partner and Co-chair, Health Information, & HIPAA Practice, Davis Wright Tremaine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with health information privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Adam has been recognized as one of the top ten influencers in health information security, one of the top 50 healthcare IT experts, and is a frequent speaker and author on health information privacy and security issues.
Mini-Summit 2: Key Findings and Takeaways From OCR HIPAA Audit Findings & How the California Consumer Privacy Act Affects Health Information
Part I: Key Findings and Takeaways From OCR HIPAA Audit Findings
10:00 am EDT
Introduction and Discussion
Jennifer L. Urban, JD, CIPP/US
Partner, Foley & Lardner LLP, Founder, Midwest Cyber Security Alliance, Milwaukee, WI
Partner, Foley & Lardner LLP, Founder, Midwest Cyber Security Alliance, Milwaukee, WI
Jennifer Urban is a partner with Foley & Lardner LLP, where she guides clients in all aspects of preparing for and maintaining compliance with U.S. and global privacy and data security laws as well as counsels them on data protection programs, data incident management, breach response and recovery, data monetization, and other privacy and security issues. She is co-founder of the Midwest Cyber Security Alliance and a Certified Information Privacy Professional/United States (CIPP/US), a global gold standard and key industry benchmark accredited by the International Association of Privacy Professionals.
Part II: How the California Consumer Privacy Act Affects Health Information
10:30 am EDT
Introduction and Discussion
Paul T. Smith, JD
Partner, Hooper, Lundy and Bookman, PC, San Francisco, CA
Partner, Hooper, Lundy and Bookman, PC, San Francisco, CA
Mini-Summit 3: Securing Telehealth Remote Patient Monitoring Ecosystem
10:00 am EDT
Introductions and Panel Discussion
Kevin Littlefield, MS
Health Cyber Domain Capability Area Lead, National Cybersecurity FFRDC, MITRE Corp, Bedford, MA
Health Cyber Domain Capability Area Lead, National Cybersecurity FFRDC, MITRE Corp, Bedford, MA
Mr. Littlefield is a Principal Cybersecurity Researcher and Healthcare Cyber Domain Capability Area Lead at the National Cybersecurity FFRDC within the MITRE Corporation. With over 25 years’ experience in cybersecurity, Mr. Littlefield has held senior information security roles with the Brigham and Women’s Hospital and the Novartis Institutes for Biomedical Research.
Julie Snyder, CIPM, CIPP/G, CIPP/US, CIPT
Principal, National Cybersecurity FFRDC Privacy Domain Capability Area Lead, MITRE Corp, McClean, VA
Principal, National Cybersecurity FFRDC Privacy Domain Capability Area Lead, MITRE Corp, McClean, VA
Julie Snyder is a Principal Privacy Engineer and the Privacy Domain Capability Area Lead for the MITRE National Cybersecurity Federally Funded Research and Development Center (NCF). She provides privacy and cybersecurity risk management advice to defense, IC, and civilian federal agencies and critical infrastructure industries in the U.S. She has also worked with the Government of Japan to develop and implement its cybersecurity strategy for the Tokyo 2020 Olympic and Paralympic Games. Julie actively contributes to government security and privacy standards, including National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) practice guides, NIST SP 800-37, Rev 2, the anticipated NIST SP 800-53, Rev 5, NIST SP 800-150, and multiple Cybersecurity Framework Profiles. She is also a member of the International Association of Privacy Professionals (IAPP) Professional Faculty.
Mini-Summit 4: Top Five Health-Care Privacy, Security Developments to Watch in 2021
10:00 am EDT
Introduction and Discussion
Kirk J. Nahra, JD
Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale, Fellow, The Cordell Institute for Policy in Medicine & Law, Adjunct Professor, Washington College of Law, American University, Washington, DC
Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale, Fellow, The Cordell Institute for Policy in Medicine & Law, Adjunct Professor, Washington College of Law, American University, Washington, DC
Mr. Nahra is a partner with WilmerHale in Washington, D.C., where he specializes in privacy and information security litigation and counseling, along with a variety of health care and compliance issues. He is co-chair of the firm’s Cybersecurity and Privacy Practice and Co-Chair of the Big Data Practice. In this role, he assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws domestically and internationally, provides advice on data breaches, enforcement actions, contract negotiations, business strategy, research and de-identification issues and privacy, data security and cybersecurity compliance. He also teaches privacy and data security issues at several law schools, including serving as an adjunct professor at the Washington School of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University and as a fellow with the Institute for Critical Infrastructure Technology.
11:00 am EDT
Transition Break/Visit Exhibit Hall
MINI SUMMITS ROUND II 11:15 am – 12:15 pm EDT
Mini-Summit 5: Workforce Training: HIPAA Breach Notification Rule and HIPAA Enforcement Rule Basics
11:15 am EDT
Introduction and Discussion
Iliana Peters, JD, LLM, CISSP
Shareholder, Polsinelli, PC, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-Chair)
Shareholder, Polsinelli, PC, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-Chair)
Iliana L. Peters is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data. For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.
Mini-Summit 6: Privacy and Security issues in Health Care Artificial Intelligence initiatives
11:15 am EDT
Introductions and Panel Discussion
Donald DePass, JD
Senior Associate, Hogan Lovells, Washington, DC
Senior Associate, Hogan Lovells, Washington, DC
Donald DePass is a senior associate in the Privacy and Cybersecurity group at Hogan Lovells. Donald counsels clients facing dynamic regulatory environments, primarily in the technology, life sciences and health care, and education sectors. In addition to assisting clients with complex legal matters, Donald helps clients resolve complicated policy issues affecting data privacy and security. In a rapidly evolving marketplace, he provides practical solutions that help clients meet legal and policy challenges and retain consumer trust.
Matt Flora, CRISC
Senior Director, Ankura, Baltimore, MD
Senior Director, Ankura, Baltimore, MD
Madeline (Maddy) H. Gitomer, MSEd, JD
Senior Associate, Privacy and Cybersecurity Group, Hogan Lovells; Former Professional Staff,US Senate Committee on Health, Education, Labor and Pensions; Washington, DC
Senior Associate, Privacy and Cybersecurity Group, Hogan Lovells; Former Professional Staff,US Senate Committee on Health, Education, Labor and Pensions; Washington, DC
Madeline Gitomer is a senior associate in the Privacy and Cybersecurity group at Hogan Lovells. Whether it is life sciences, research collaboratives, digital health, or technology-driven startups, Madeline regularly advises clients on compliance with various data privacy laws, regulations, and public policy initiatives. Drawing from her Capitol Hill experience, Madeline understands the legislative and regulatory environment around health privacy and helps clients in responding to a dynamic and evolving legal landscape.
Mini-Summit 7: Oh No! Breach By a Business Associate!
11:15 am EDT
Introductions and Panel Discussion
Lisa Nee, JD
Legal Counsel, Accenture LLP, New York, NY
Legal Counsel, Accenture LLP, New York, NY
Lisa Nee serves as Legal Counsel at Accenture, a Fortune 500 global company that provides information technology related professional services. She currently leads Accenture's HIPAA Security Rule risk analysis program and supports HIPAA related breach incidents. Prior to working at Accenture, Lisa worked in-house at Google, Genentech, Deloitte Consulting, Accuvant (now Optiv, North America's largest cybersecurity firm) and Oracle. Lisa is a technologist at heart who has been coding since childhood with a career focused in the field of law and data sciences.
Mark Joseph Fox, CHC, CHPC, CHRC
Privacy and Research Compliance Officer, American College of Cardiology, Washington, DC (Co-moderator)
Privacy and Research Compliance Officer, American College of Cardiology, Washington, DC (Co-moderator)
Mark Fox currently serves as the Privacy and Research Compliance Officer for the American College of Cardiology. Mark lead the development of a comprehensive compliance program for the National Cardiovascular Data Registry, the largest cardiovascular registry in the United States. Mark previously worked for MedCath as an Implementation Specialist overseeing the standardization of systems supporting Performance Improvement and Risk Management. Mark supported the opening of five heart specialty hospitals. Mark is an Emergency Medical Technician and holds certifications in Healthcare Compliance, Healthcare Privacy Compliance, and Healthcare Research Compliance.
Thora A. Johnson, JD
Partner and Chair of Healthcare Group , Venable, LLP, Baltimore, MD (Co-moderator)
Partner and Chair of Healthcare Group , Venable, LLP, Baltimore, MD (Co-moderator)
Thora Johnson chairs Venable's Healthcare Group. She provides counsel on regulatory, compliance, and business matters impacting healthcare providers, retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including HIPAA privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. Thora also has extensive experience in health and welfare plan compliance, including ERISA, the tax code, healthcare coverage continuation laws, MHPAEA, GINA, ADA applicable to employer wellness programs, and the ACA.
Mini-Summit 8: Opportunities from Combining Clinical and Administrative Data
11:15 am EDT
Introductions and Panel Discussion
Lauren Riplinger, JD
Vice President, Policy & Government Affairs, American Health Information Management Association, Former Chief of Staff/Senior Policy Advisor, US House of Representatives, Washington, DC
Vice President, Policy & Government Affairs, American Health Information Management Association, Former Chief of Staff/Senior Policy Advisor, US House of Representatives, Washington, DC
Lauren serves as AHIMA’s Vice President of Policy & Government Affairs. In this capacity, she is responsible for AHIMA’s advocacy strategy before Congress and various federal agencies. With two decades of healthcare policy experience, Lauren previously worked on Capitol Hill where she was involved in almost every aspect of a congressional office, including serving as Chief of Staff—a position that requires the ability to quickly synthesize multiple issues and adapt to constantly shifting priorities. Lauren received her JD from American University Washington College of Law and BA from Vanderbilt University. She is admitted to practice law in New York.
Chantal Worzala, PhD
Principal, Alazro Consulting, Former Vice President, Health Information Policy and Operations, American Hospital Association, Former Senior Analyst, Medicare Payment Advisory Commission, Takoma Park, MD
Principal, Alazro Consulting, Former Vice President, Health Information Policy and Operations, American Hospital Association, Former Senior Analyst, Medicare Payment Advisory Commission, Takoma Park, MD
Chantal Worzala is Principal at Alazro Consulting. An experienced policy expert, she helps provider organizations, associations, technology companies and patient advocates navigate health policy as they transform health and healthcare using digital health tools. She previously served as vice president at the American Hospital Association, where she was recognized as a leading voice for the provider community on meaningful use, interoperability, telehealth and other digital health policy issues. Chantal also worked at the Medicare Payment Advisory Commission.
Mini-Summit 9: Shifting the Paradigm: Why HIM Should Lead the Charge on Interoperable Technology
11:15 am EDT
Introductions and Panel Discussion
Katherine Lusk, MHSM, RHIA, FAHIMA
Senior Director of Strategic Partnerships, Texas Health Services Authority; Former Chief Health Information Management & Exchange Officer, Children's Health System of Texas; Little Elm, TX
Senior Director of Strategic Partnerships, Texas Health Services Authority; Former Chief Health Information Management & Exchange Officer, Children's Health System of Texas; Little Elm, TX
Katherine Lusk is the Senior Director of Strategic Partnerships for the Texas Health Services Authority. THSA is a public/private partnership with Texas, with a focus on interoperability including public health. Katherine is also an active AHIMA member. Her attention is focused on championing the profession, patient identity, health information exchange, standard development, and information governance. Previous leadership roles include serving on AHIMA President Chair, 2021, Co-lead Epic’s Care Everywhere Governing Council, eHealth Exchange Workgroup Member, ONC Patient Identity Workgroup, TxHIMA President, and the Texas Interoperability Collaborative. She is a sought-after national speaker on information governance, standards, interoperability, clinical documentation improvement, patient identity, leveraging technology and promoting the HIM profession.
Vong Miphouvieng, MHA, RHIA, CHPS
Senior Director of Health Information Management Services Operations and Regulatory Compliance, Texas Health Resources, Chair, AHIMA’s 2021 Program Committee, Arlington, TX
Senior Director of Health Information Management Services Operations and Regulatory Compliance, Texas Health Resources, Chair, AHIMA’s 2021 Program Committee, Arlington, TX
Vong Miphouvieng is the senior director of Health Information Management Services Operations and Regulatory Compliance for Texas Health Resources, an integrated health care system with over 350 access points. In his role he develops, communicates and oversees implementation of strategic initiatives involving the EHR, privacy, and regulatory compliance. Vong leads a team that oversees day-to-day operations for release of information, documentation compliance, data integrity, reporting, transcription, and document imagining. He has served in various committee roles with AHIMA, Tarrant County College’s Health Information Technology Advisory, and Dallas-Fort Worth HIMA. Vong has served as the chair for the AHIMA Professional Ethics Committee in 2019 and is serving as AHIMA’s 2021 Program Committee Chair.
Joe Naretto, MHA, RHIA
Senior Director Health Information Management, Novant Health, Charlotte, NC
Senior Director Health Information Management, Novant Health, Charlotte, NC
Joe Naretto is the Senior Director of Health Information Management for Novant Health, where he is responsible for system-wide leadership and governance for HIM workflows across both the acute and ambulatory environment. His scope includes on-site records management, chart deficiency analysis and audit workflows, transcription, chart corrections, release of information, and oversight and maintenance of the enterprise master patient index. His primary focus has been leading the organization and HIM processes from legacy/hybrid paper record systems into a fully integrated EMR environment, including HIMSS 7 certification and compliance. Additionally, Joe has focused organizational efforts to modernize release of information through centralization and augmentation of traditional ROI workflows with automation.
Kent Sona, MBA
Vice President of Information Technology and Chief Information Officer, Nebraska Methodist Health System, Omaha, NE
Vice President of Information Technology and Chief Information Officer, Nebraska Methodist Health System, Omaha, NE
Kent Sona is vice president of information technology and chief information officer for Methodist Health System. Serving in this capacity, Sona oversees Methodist Health System’s Information Technology Division. He previously served as the director of infrastructure and chief technology officer. During his time at Methodist, he has been instrumental in establishing the current and long-range vision of the health system’s information technology infrastructure and strategy, keeping Methodist at the forefront of technological change. Sona has more than 18 years of experience obtained at a variety of organizations, including a role as IT project manager at HDR and director of information services at West Corporation. Sona also served our nation with an impressive nine year career in the United States Army as both an information systems operator and combat medic. Sona is an experienced project management professional (PMP). He currently serves on the board of the Iowa Rural Health Telecommunications Program (IRHTP).
Beth Zuehlke, MS
Senior Vice President of Customer Success, Moxe; Former SVP of Consultant Engagement, Evergreen Healthcare Partners; Madison, WI (Moderator)
Senior Vice President of Customer Success, Moxe; Former SVP of Consultant Engagement, Evergreen Healthcare Partners; Madison, WI (Moderator)
Beth Zuehlke is Senior Vice President of Customer Success at Moxe. She has over 20 years of leadership experience in healthcare technology, consulting, project management and sales. Her healthcare IT experience started at Epic and includes senior leadership roles at Evergreen Healthcare Partners and healthfinch. Beth also was the president of a Madison based project management and IT consulting company.
12:15 pm EDT
Luncheon Break/Visit Exhibit Hall
DAY II PLENARY SESSION: SECURITY & CYBERSECURITY
1:00 pm EDT
Co-Chair Welcome and Overview of Health Care Cybersecurity and Security Environment
Iliana Peters, JD, LLM
Shareholder, Polsinelli, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-chair)
Shareholder, Polsinelli, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-chair)
Iliana L. Peters is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data. For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.
1:30 pm EDT
OCR Cybersecurity Update
Nicholas Heesters, MEng, JD, CIPP
Senior Advisor for Cybersecurity, Office for Civil Rights, US Department of Health and Human Services, Philadelphia, PA
Senior Advisor for Cybersecurity, Office for Civil Rights, US Department of Health and Human Services, Philadelphia, PA
Nicholas Heesters is a certified information privacy professional with over thirty years of experience managing infrastructure and information security technologies in various industries including financial services, defense, and healthcare. Currently, Mr. Heesters is the Senior Advisor for Cybersecurity for the HHS Office for Civil Rights supporting HIPAA compliance, enforcement, and policy initiatives.
2:00 pm EDT
Cybersecurity Initiatives for the Health Care Sector
William Welch
HC3 Cyber Engagement Lead, US Department of Health and Human Services, Atlanta, GA
HC3 Cyber Engagement Lead, US Department of Health and Human Services, Atlanta, GA
William Welch is the Cyber Engagement (CE) Lead for the Health Sector Cybersecurity Coordination Center (HC3), an HHS group working to improve cybersecurity in the health sector through information sharing and coordination. Prior to joining HC3, Mr. Welch was formerly the Healthcare Threat Operations Center Lead managing cyber information sharing and collaboration across the Federal Healthcare and Public Health partners. Mr. Welch served in the United States Air Force from 2006-2014 where he was selected as one of two hundred initial cadre for the Air Force enlisted cyber career field.
2:30 pm EDT
A Fireside Chat with Tonya Ugoretz, FBI Deputy Assistant Director, Cyber Division, on Cybersecurity
Tonya Ugoretz
Acting Assistant Director, Cyber Division, FBI; Former Director of Cyber Threat Intelligence Integration Center, DNI, Washington, DC
Acting Assistant Director, Cyber Division, FBI; Former Director of Cyber Threat Intelligence Integration Center, DNI, Washington, DC
Iliana Peters, JD, LLM, CISSP
Shareholder, Polsinelli, PC, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-Chair/Moderator)
Shareholder, Polsinelli, PC, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-Chair/Moderator)
Iliana L. Peters is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data. For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.
3:00 pm EDT
Break/Visit Exhibit Hall
3:15 pm EDT
FDA Cybersecurity Update
Aftin Ross, PhD
Senior Science Health Advisor, US Food and Drug Administration (FDA), Washington, DC
Senior Science Health Advisor, US Food and Drug Administration (FDA), Washington, DC
Dr. Aftin Ross is a senior science health advisor at FDA’s Center for Devices and Radiological Health (CDRH). She has been a lead in CDRH’s medical device cybersecurity efforts spearheading the execution of FDA public workshops, serving on interagency cybersecurity work groups, supporting numerous cross-stakeholder efforts (e.g. the 2017 healthcare cybersecurity task force), supporting the development of international cybersecurity policy via the International Medical Device Regulators Forum, and engaging in CDRH policy development. Aftin earned a B.S. in mechanical engineering from the University of Maryland Baltimore County and a master’s and PhD in biomedical engineering from the University of Michigan.
3:45 pm EDT
HITRUST CSF Certification
Uday Ali Pabrai, MSEE, CMMC RP, CISSP, HITRUST (CCSFP)
Chief Executive Officer and Co-founder, ecfirst, (A HITRUST Authorized External Assessor), Waukee, IL
Chief Executive Officer and Co-founder, ecfirst, (A HITRUST Authorized External Assessor), Waukee, IL
Ali Pabrai is the CEO of ecfirst. A highly sought after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudia Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.
4:15 pm EDT
The Critical Role C-suite Executives and Board Members in Enterprise Cyber Risk Management (ECRM) Transformation Play
Ben Carroll
Chief Data Officer, CareFirst BlueCross BlueShield, Former Head of Data Management, Envision Healthcare, Philadelphia, PA
Chief Data Officer, CareFirst BlueCross BlueShield, Former Head of Data Management, Envision Healthcare, Philadelphia, PA
Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US
Founder and Executive Chairman, Clearwater; Former Vice President, Technology Operations, GE Information Services, Nashville, TN
Founder and Executive Chairman, Clearwater; Former Vice President, Technology Operations, GE Information Services, Nashville, TN
Bob Chaput is the Founder and Executive Chairman of the Board of Clearwater Compliance, a top-ranked, award-winning provider of healthcare compliance and cyber risk management solutions, endorsed by numerous state hospital associations. As a leading authority and expert witness on HIPAA compliance and enterprise cyber risk management, Chaput has assisted hundreds of healthcare organizations and their business partners, including Fortune 100 organizations, improve their risk posture. Chaput is the author of “Stop The Cyber Bleeding: What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management (ECRM)”
Changrong Ji, MS
Founder and Chief Executive Officer, A3.AI, Social and Venture Capitalist, Former Enterprise Architect, CareFirst BlueCross BlueShield, Owings Mills, MD
Founder and Chief Executive Officer, A3.AI, Social and Venture Capitalist, Former Enterprise Architect, CareFirst BlueCross BlueShield, Owings Mills, MD
James Noga, MS
Vice President and Chief Information Officer, Mass General Brigham, Instructor, Graduate Program in Health Informatics, Northeastern University, Boston, MA
Vice President and Chief Information Officer, Mass General Brigham, Instructor, Graduate Program in Health Informatics, Northeastern University, Boston, MA
James Noga has served as Vice-President and Chief Information Officer of Mass General Brigham since 2011. Under Mr. Noga’s leadership, Mass General Brigham has undergone significant technology advances to support all aspects of clinical care and research including the implementation of an enterprise electronic health record. The Boston CIO Leadership Association, in partnership with the Boston Business Journal recognized Mr. Noga with the 2017 Boston CIO of the Year Leadership Award. Mr. Noga holds an MS Degree in Biomedical Computing and Information Processing and a BS degree in Medical Technology both from the Ohio State University.
Greg Ewing, JD, MPH, CISSP, CSS
Vice President, Compliance & Regulatory Affairs/Chief Compliance Officer/Privacy Officer, Trillium Health, Inc., Rochester, NY (Moderator)
Vice President, Compliance & Regulatory Affairs/Chief Compliance Officer/Privacy Officer, Trillium Health, Inc., Rochester, NY (Moderator)
Greg Ewing currently serves as vice president of compliance and regulatory affairs at Trillium Health. He has over 22 years of experience in health law, corporate compliance, and privacy and information security. He has worked in various settings, including CareFirst BlueCross BlueShield of Maryland, in house counsel at Sutter Health, a large Boston law firm, and management consulting. Mr. Ewing holds a J.D. from Boston University School of Law and a M.P.H. from Harvard T.H. Chan School of Public Health. Also, he holds professional certifications in data privacy and information security.
5:05 pm EDT
Annual Chief Security Officers Best Practices Roundtable
Erik Decker, MS
Chief Information Security and Privacy Officer, University of Chicago Medicine, Co-Lead, Task Group for Implementing the Cybersecurity Act of 2015, 405D Legislation within the Healthcare Sector, US Department of Health and Human Services, Chicago, IL
Chief Information Security and Privacy Officer, University of Chicago Medicine, Co-Lead, Task Group for Implementing the Cybersecurity Act of 2015, 405D Legislation within the Healthcare Sector, US Department of Health and Human Services, Chicago, IL
Erik Decker is the Chief Information Security and Privacy Officer for the University of Chicago Medicine. He is the industry lead of the CSA 405(d) Task Group and responsible for the development of the Health Industry Cybersecurity Practices (HICP) publication. He is also a co-led the development of HIC-TCR; the Health Industry Cybersecurity Tactical Response Guide. He is also a member of the Executive Council of the Health Sector Coordinating Council, a joint public-private partnership group tasked with protecting Critical Infrastructure, as defined under the National Infrastructure Protection Plan.
David Holtzman, JD, CIPP/US/G
Principal Consultant, HITprivacy, LLC, Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX
Principal Consultant, HITprivacy, LLC, Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX
Anahi Santiago, MBA
Chief Information Security Officer, Christiana Care Health System, Former Director, Information Security and Support Services, Albert Einstein Healthcare Network, Philadelphia, PA
Chief Information Security Officer, Christiana Care Health System, Former Director, Information Security and Support Services, Albert Einstein Healthcare Network, Philadelphia, PA
Anahi Santiago is the Chief Information Security Officer at ChristianaCare, the largest healthcare provider in the state of Delaware. Prior ChristianaCare, she spent 10+ years as the Information Security and Privacy Officer at Einstein Healthcare Network. She has overall responsibility for ChristianaCare's cybersecurity and assurance program. Santiago leads a team in supporting ChristianaCare's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety. An active contributor and member of several local, state and federal cybersecurity organizations including H-ISAC Board of Directors, the Healthcare Sector Coordinating Council's Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance and Philadelphia’s Women and Cybersecurity group.
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC, HIPAA Summit Distinguished Service Award Winner, Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Moderator/Co-chair)
President, John C. Parmigiani and Associates, LLC, HIPAA Summit Distinguished Service Award Winner, Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Moderator/Co-chair)
John Parmigiani is President of John C. Parmigiani & Associates, LLC with a primary focus on helping healthcare organizations become compliant with healthcare regulations, in particular HIPAA, and achieve e-health. With over 40 years in information systems management in both the public and private sectors and as the former HCFA (now CMS) Director of Enterprise Standards, he was the Chairman of the government-wide HIPAA Administrative Simplification Security and Electronic Signature Standards Implementation Team and part of the federal committee that oversaw the development and implementation of the Transaction and Code Sets and the Privacy Rule. More information at www.johnparmigiani.com.