AGENDA: DAY IV
THURSDAY, MARCH 25, 2021
DAY IV MORNING MINI SUMMITS
MINI SUMMITS ROUND V: 10:00 am – 11:00 am EDT
Mini Summit 18: How to Diagnose and Manage Cybersecurity Risks in Healthcare
10:00 am EDT
Introductions and Panel Discussion
Barry Hofecker
Security Strategist and CISO, GreyCastle Security, Rochester, NY
Security Strategist and CISO, GreyCastle Security, Rochester, NY
Barry Hofecker is an information security and risk management professional with twenty-five years of industry experience in multiple diverse markets, including Education, Healthcare, Manufacturing, Financial Services, and Public Sector industries. Barry has hands on experience in security operations, risk management, governance, and compliance. He also has extensive knowledge of information security standards, frameworks, and regulations such as NIST, ISO, GLBA, HIPAA, and PCI. He leads clients in the development of sustainable cyber and information security programs that focus on managing risk and meeting organizational goals and objectives.
Brian Murphy, MBA, CISA, CRISC
Security Specialist, GreyCastle Security, Rochester, NY
Security Specialist, GreyCastle Security, Rochester, NY
Brian Murphy is a technology, information security, and risk management professional. He has been at GreyCastle Security since 2018 and over 10 years of professional experience assisting with the development and implementation of cybersecurity solutions for financial services, healthcare, higher education, energy, information technology, and manufacturing industries. He has knowledge of PCI, SOX, GLBA compliance requirements, and ISO and NIST standards and regulations that can be applied in a variety of functions.
Mini-Summit 19: Changes to the Stark Anti-Kickback Regulations that Permit Healthcare Organizations to Donate Cybersecurity and Information Security Hardware and 3rd Party Services to Smaller Healthcare Providers
10:00 am EDT
Introductions and Panel Discussion
David Holtzman,JD, CIPP/US/G
Principal Consultant, HITprivacy, LLC, Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX (Co-moderator)
Principal Consultant, HITprivacy, LLC, Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX (Co-moderator)
Thora A. Johnson, JD
Partner and Chair of Healthcare Group , Venable, LLP, Baltimore, MD (Co-moderator)
Partner and Chair of Healthcare Group , Venable, LLP, Baltimore, MD (Co-moderator)
Thora Johnson chairs Venable's Healthcare Group. She provides counsel on regulatory, compliance, and business matters impacting healthcare providers, retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including HIPAA privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. Thora also has extensive experience in health and welfare plan compliance, including ERISA, the tax code, healthcare coverage continuation laws, MHPAEA, GINA, ADA applicable to employer wellness programs, and the ACA.
Mini-Summit 20: HIPAA Right to Access Initiative & Defending Against Privacy Class Actions
Part I: HIPAA Right to Access Initiative
10:00 am EDT
Introductions and Panel Discussion
Lyra Correa, JD, MPH
Associate, Davis Wright Tremaine LLP, Former Contract Specialist, Centers for Medicare & Medicaid Services, Former Health Information Privacy Extern, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Associate, Davis Wright Tremaine LLP, Former Contract Specialist, Centers for Medicare & Medicaid Services, Former Health Information Privacy Extern, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Lyra Correa concentrates her practice in health information privacy, but works with clients across a wide range of privacy and security concerns related to European privacy, federal and state breach notification laws, and state consumer privacy laws. She works with health care providers, health IT companies, cloud providers, and technology companies. Her experience includes creating and reviewing privacy compliance programs, applying privacy laws to complex new technologies, and working with organizations to respond to complex privacy incidents.
Rebecca L. Williams, BSN, JD
Partner and Chair, Health Information Practice, Davis Wright Tremaine LLP, Seattle, WA
Partner and Chair, Health Information Practice, Davis Wright Tremaine LLP, Seattle, WA
Rebecca Williams is a nationally recognized authority on HIPAA, health information privacy, and data breach notification. She is a partner of the law firm Davis Wright Tremaine, LLP where she is Co-Chair of the Health Information Practice. Ms. Williams has been named one of the “Best Lawyers in America” in health law by Woodward/White. As a registered nurse with hands-on experience in hospital and other health care environments, she brings a practical perspective to her practice. Becky works with HIPAA covered entities and business associates to safeguard health information while keeping their businesses running efficiently.
Part II: Defending Against Privacy Class Actions
10:30 am EDT
Introduction and Discussion
Michael Abraham, JD, MCP
Shareholder, Barkto Zankel Bunzel & Miller, San Francisco, CA
Shareholder, Barkto Zankel Bunzel & Miller, San Francisco, CA
Michael Abraham is a Principal of the law firm Bartko Zankel Bunzel& Miller and heads the firm’s Privacy Practice. He has successfully tried cases and counseled large health care systems, high tech companies, defense contractors, financial organizations, national chains, franchisors, and international law firms. Michael’s notable achievements in privacy class actions include serving as counsel of record in Sutter Health v. Sup. Ct. (2014)227Cal.App.4th 1546 and authoring the amici curiae appellate brief arguments adopted in Regents of Univ. of Cal. v. Sup. Ct.(2013) 220 Cal.App.4th 549. Both decisions resulted in writs directing the trial courts to dismiss the privacy class actions without leave to amend.Michael’s extensive trial experience includes favorable verdicts for his clients in matters involving privacy claims, unfair business practices, antitrust claims, complex tort and contract claims, security violations, officer and director liability, and breaches of fiduciary duty.
11:00 am EDT
Transition Break/Visit Exhibit Hall
MINI SUMMITS ROUND VI 11:15 am – 12:15 pm EDT
Mini-Summit 21: Subjects in Clinical Trials and Data Privacy from the Site (Covered Entity) to the Sponsor (Manufacturer) and Frontiers in Health Data Privacy: HIPAA, State Laws, and Other Privacy considerations for Health Research
Part I: Frontiers in Health Data Privacy: HIPAA, State Laws, and Other Privacy considerations for Health Research
11:15 am EDT
Rachele Hendricks-Sturrup, DHSc, MSc, MA
Health Policy Counsel, The Future of Privacy Forum Research Fellow, Department of Population Medicine, Harvard Pilgrim Health Care Institute, Instructor, Medical Ethics & Health Policy, University of Pennsylvania School of Medicine, Washington, DC
Health Policy Counsel, The Future of Privacy Forum Research Fellow, Department of Population Medicine, Harvard Pilgrim Health Care Institute, Instructor, Medical Ethics & Health Policy, University of Pennsylvania School of Medicine, Washington, DC
Dr. Rachele Hendricks-Sturrup is a health scientist, Research Fellow at Harvard Pilgrim Health Care Institute, Instructor in Medical Ethics and Health Policy at the University of Pennsylvania Perelman School of Medicine, and Health Policy Counsel at the Future of Privacy Forum. Dr. Hendricks-Sturrup's work involves using mixed-methods research and stakeholder engagement to explore and address ethical, legal, and social issues and implementation barriers at the forefront of health policy and innovation. Her research centers on generating best practices for the use and processing of health and genetics data.
Part II: Subjects in Clinical Trials and Data Privacy from the Site (Covered Entity) to the Sponsor (Manufacturer)
11:45 am EDT
Introductions and Panel Discussion
Peggy L. Beat, JD
Partner and Member, Data Privacy & Cybersecurity Practice, Lewis Brisbois, Adjunct Professor, Cleveland Marshall College of Law, Former Attorney and Senior Director, Corporate Compliance, Cleveland Clinic, Cleveland, OH
Partner and Member, Data Privacy & Cybersecurity Practice, Lewis Brisbois, Adjunct Professor, Cleveland Marshall College of Law, Former Attorney and Senior Director, Corporate Compliance, Cleveland Clinic, Cleveland, OH
Peggy Beat, formerly a Partner in their Privacy and Cybersecurity Group with Lewis Brisbois Smith and Bisgaard, is currently a Health Care Attorney at Axiom Global and an Adjunct Professor teaching Health Care Compliance courses in the evenings at the Cleveland Marshall School of Law. Peggy began her career as a cardiothoracic nurse at the Cleveland Clinic before going to law school as an evening student. She was at the Cleveland Clinic for 25 years where she was an attorney in the Office of General Counsel and then Senior Director in Corporate Compliance. She left CCF to be Senior Counsel for CareSource, a managed care organization.
Leah Guidry, MA, JD
Managing Director and Lead, Healthcare Compliance and Research Compliance Team, Huron Consulting, Portland, OR
Managing Director and Lead, Healthcare Compliance and Research Compliance Team, Huron Consulting, Portland, OR
Leah Guidry leads Huron's Healthcare Compliance and Research Compliance teams. She has over 30 years experience working with universities, academic medical centers and healthcare systems. She advises clients on complex compliance issues and assists with government disclosure determinations and investigations. Her practice is concentrated in assisting healthcare and research organizations to comply with complex and sometimes conflicting regulatory structures. Prior to joining Huron, Leah practiced law in New York and DC. As a healthcare attorney, Leah defended healthcare organizations under investigation by the federal government.
Leah A. Voigt, JD, MPH
Chief Compliance Officer, Chief Privacy Officer, Spectrum Health, Grand Rapids, MI
Chief Compliance Officer, Chief Privacy Officer, Spectrum Health, Grand Rapids, MI
Leah Voigt is the Chief Compliance Officer of Spectrum Health System in Grand Rapids, Michigan. In this role, she also serves as the organization's Chief Privacy Officer. Leah has over 20 years' experience in health care policy, law and compliance, with focused expertise in information privacy and clinical research. Leah currently leads a team of over sixty compliance professionals who support Spectrum Health's delivery systems, health plan and corporate functions.
Mini-Summit 22: Business Associate Challenges
11:15 am EDT
Introductions and Panel Discussion
Ben Cutler
President and Chief Executive Officer, Hush Communications Canada, Inc., Vancouver, BC, Canada
President and Chief Executive Officer, Hush Communications Canada, Inc., Vancouver, BC, Canada
With over 20 years in senior management positions, Ben Cutler has been CEO of Hushmail since 2001 and has been with the company, in various capacities, since prior to Hushmail’s 1999 launch of its encrypted email service. Although Ben has an educational background in finance and accounting, and has worked in the financial services industry, it was his passion for technology, privacy, and business development that inspired him to embrace the opportunity he saw with Hushmail. Today, Ben oversees a growing company that specializes in HIPAA-compliant communication tools that meet the privacy needs of the healthcare sector.
Rodger Fisher, JD
Compliance Manager, Delta Dental of Idaho, Boise, ID
Compliance Manager, Delta Dental of Idaho, Boise, ID
Roger Fisher is the Compliance Manger for Delta Dental of Idaho. In his position he handles all aspects of the privacy program as well as providing guidance on federal and state regulations and guidelines. Rodger's background includes extensive experience working with healthcare providers in drafting and executing contracts, providing legal guidance and evaluating compliance programs. Earlier in his career he worked in the Contracts Division for the Idaho Attorney General. Rodger's goal is to present complex compliance issues in a manner that everyone can understand while maintaining a high standard of protection for his company.
Kean Quinton, MA
Organizational Compliance & Privacy Officer, RHA Health Services, Mountville, PA
Organizational Compliance & Privacy Officer, RHA Health Services, Mountville, PA
Mr. Quinton has been employed in the medical field since 1987, which has included working in an operating room to work in the behavioral health field. This included working inpatient psychiatric care, as a therapist, running a school base program for York City Schools, managing a Drug Court Program, developing a multi-disciplinary autism program in central Pennsylvania, and then being a director for a TBI and Neurodevelopmental facility. Mr. Quinton moved to a role as a clinical analyst for electronic records until his current role as the Organizational Compliance & Privacy Officer at RHA Health Services.
Robert J. Solomon, MD
Adult, Child and Adolescent Psychiatrist, Consulting Psychiatrist, Scripps Center for Integrative Medicine, Del Mar, CA
Adult, Child and Adolescent Psychiatrist, Consulting Psychiatrist, Scripps Center for Integrative Medicine, Del Mar, CA
Dr. Robert Solomon has been in private practice in San Diego, California for the last 28 years. He entered the mental health field to become a psychotherapist. His primary interest has been integrative medicine and in particular working with the mind, body, spirit connection. Early in his career, Dr. Solomon worked in a variety of settings including inpatient psychiatry, adolescent residential treatment, adolescent day treatment and at a child and adolescent emergency room. He was one of three founders and the medical director of a private mental health clinic in San Diego that offered mental health services to children, adolescents and adults. Dr. Solomon ran the clinic for 12 years until it was acquired by a larger company in 2019.
Paul Hales
Member, Hales Law Group, Principal Consultant, ET&C Group LLC, St. Louis, MO (Moderator)
Member, Hales Law Group, Principal Consultant, ET&C Group LLC, St. Louis, MO (Moderator)
Mini-Summit 23: HIPAA and Value-Based Care Initiatives & Lessons Learned from the Blackbaud Ransomware Attack
11:15 am EDT
Introduction and Discussion
Dayna Nicholson, JD, MPH
Partner, Davis Wright Tremaine LLP, Los Angeles, CA
Partner, Davis Wright Tremaine LLP, Los Angeles, CA
Dayna Nicholson delivers clear and accurate assessments of the healthcare legal landscape in the context of each client’s unique situation, supporting them as they innovate and improve patient care. Dayna’s practice focuses on operations, regulatory compliance, peer review and credentialing, and corporate and medical staff governance. Her experience also extends to patient information privacy (including data breaches), appeals of state-issued administrative penalties, Medicare and Medi-Cal certification, and emergency-care requirements. She is similarly well-versed in state and federal licensing and accreditation requirements, as well as the roles and concerns of an organization's leadership, including medical directors and chiefmedical officers; credentialing and peer-review committees; individual reviewers; and support staff.
11:45 am EDT
Building Trust: NIST Privacy Framework Adoption in Healthcare
Dylan Gilbert
Privacy Policy Advisor, NIST; Former Policy Counsel, Public Knowledge, Washington, DC
Privacy Policy Advisor, NIST; Former Policy Counsel, Public Knowledge, Washington, DC
Dylan Gilbert is a Privacy Policy Advisor with the Privacy Engineering Program at the National Institute of Standards and Technology, U.S. Department of Commerce. In this role, he advances the development of privacy engineering and risk management processes with a focus on the Privacy Framework and emerging technologies.
12:15 pm EDT
Luncheon Break/Visit Exhibit Hall
DAY IV CLOSING PLENARY SESSION: THE LATEST ON HIPAA ADMINISTRATIVE SIMPLIFICATION INITIATIVES
1:00 pm EDT
Co-Chair Welcome and Overview
Robert M. Tennant, MA
Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC (Co-chair)
Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC (Co-chair)
Robert Tennant is Vice President, Federal Affairs for the Workgroup for Electronic Data Interchange (WEDI). Mr. Tennant focuses on federal legislative and regulatory health information technology issues including HIPAA electronic transactions, health information exchange, privacy and security, EHRs, and other HIT issues. Mr. Tennant has served on or chaired numerous industry initiatives, including Vice-Chair of the Board of Directors of WEDI, past Chair of the WEDI Strategic National Implementation Process (SNIP), and served on the CMS DRLS Workgroup, Council for Affordable Quality Healthcare CORE and Index initiatives, National Uniform Claim Committee, Electronic Healthcare Network Accreditation Commission, and others.
1:15 pm EDT
The Future of HIPAA Transactions: ONC and NCVHS Perspectives
Alexandra (Alix) Goss
Vice President and Senior Consultant, Imprado, Former Co-Chair, Standards Subcommittee, National Committee on Vital and Health Statistics, Former Executive Director, PA eHealth Partnership Authority, Harrisburg, PA
Vice President and Senior Consultant, Imprado, Former Co-Chair, Standards Subcommittee, National Committee on Vital and Health Statistics, Former Executive Director, PA eHealth Partnership Authority, Harrisburg, PA
Throughout Alix’s career she has led game-changing initiatives with enthusiasm and integrity to strengthen organizations, public policy and national standards to achieve healthier and more productive people. Her leadership roles include developing national health care standards, implementing and complying with federal regulations, and aligning business strategies, systems integration and operations management in both private and public sectors of health care including: federal advisory member on NCVHS and co-chair of ONC' HITAC ICAD, industry collaborator such as her work with FAST, X12 and HL7, and business and government leader in various organizations such as Medicare Part B contractor, executive director of an independent state agency, vendor and consultant.
1:45 pm EDT
HIPAA Transactions: An Update on Operating Rules
April Todd, MPH
Senior Vice President, CORE and Explorations, CAQH, Washington, DC
Senior Vice President, CORE and Explorations, CAQH, Washington, DC
April Todd is the Senior Vice President, CORE and Explorations for CAQH. She is responsible for leading the CAQH CORE multi-stakeholder collaboration that is driving the creation and adoption of healthcare operating rules for electronic administrative transactions and establishing a common foundation for the operational components of value-based payment. She also directs the research functions for the organization including the CAQH Index.
2:15 pm EDT
The Future of HIPAA Transactions: The Health Plan Perspective
Gail Kocher, MPA
Director, National Standards, Blue Cross Blue Shield Association, Chicago, IL
Director, National Standards, Blue Cross Blue Shield Association, Chicago, IL
Gail Kocher joined the Blue Cross Blue Shield Association (BCBSA) in 2008 and is Director, National Standards. She has accountabilities for Administrative Simplification and supporting the Blues through industry-wide coalitions and standards setting organizations. Gail currently represents BCBSA on the Workgroup for Electronic Data Interchange (WEDI) Board of Directors, the National Uniform Billing (NUBC) and National Uniform Claim (NUCC) Committees). Gail is a Senior Member of HIMSS and the 2021 Interoperability & Health Information Exchange Committee Chair.
2:25 pm EDT
The Future of HIPAA Transactions: The Hospital Perspective
Terrence Cunningham, JD
Director, Administrative Simplification Policy, American Hospital Association, Chicago, IL
Director, Administrative Simplification Policy, American Hospital Association, Chicago, IL
Terrence Cunningham is the Director for Administrative Simplification Policy with the American Hospital Association. In this role, Terrence engages in regulatory and legislative initiatives associated with the HIPAA Administrative Simplification provisions, as well as other activities designed to reduce administrative complexities and billing issues for hospitals. Additionally, Terrence’s responsibilities include developing and maintaining the UB-04 Data Specifications Manual (UB-04 Data Set) and serving as the Chairman to the National Uniform Billing Committee (NUBC). Previously, Terrence served as a Senior Policy Analyst with the American Medical Association. In this role, Terrence’s work focused on regulatory and policy developments affecting physician revenue processes.
2:50 pm EDT
Break/Visit Exhibit Hall
3:00 pm EDT
The Future of HIPAA Transactions: The Physician Perspective
Heather McComas, PharmD
Director, Administrative Simplification Initiatives, American Medical Association, Former Professional Affairs Manager, National Association of Boards of Pharmacy (NABP), Chicago, IL
Director, Administrative Simplification Initiatives, American Medical Association, Former Professional Affairs Manager, National Association of Boards of Pharmacy (NABP), Chicago, IL
Heather McComas is Director of the American Medical Association’s (AMA’s) Administrative Simplification Initiatives division. In this role, Heather focuses on reducing administrative burdens and streamlining manual processes so that physicians can focus on patient care. She has testified on the AMA’s behalf before the National Committee on Vital and Health Statistics on various administrative simplification issues. She is also Co-chair of the Workgroup for Electronic Data Interchange’s Prior Authorization Subworkgroup. Heather is a pharmacist by training and received a PharmD from the University of Wisconsin–Madison.
3:25 pm EDT
HIPAA Transactions: Leveraging FHIR Standards to Achieve Automation
John Kelly, MHA
Principal Business Advisor, Edifecs, Board Member, Massachusetts Health Data Consortium, and Workgroup for Electronic Data Interchange (WEDI), Suffolk, MA
Principal Business Advisor, Edifecs, Board Member, Massachusetts Health Data Consortium, and Workgroup for Electronic Data Interchange (WEDI), Suffolk, MA
John Kelly is a nationally recognized health information exchange expert providing strategic consulting to Edifecs customers, specializing in information exchange and applying the principles of supply chain integration to the healthcare delivery lifecycle. He serves on the Boards of Directors for WEDI and the Massachusetts Health Data Consortium. His experience includes serving as CIO of healthcare network provider NaviNet, Director of eBusiness Architecture at Harvard Pilgrim Health Care, Clinical Manager for a 40K member community health center and managing director of his own health IT consulting firm. Kelly served as the architect and technical lead for the Massachusetts’ statewide HIE.
3:55 pm EDT
HIPAA Transactions Faculty Q&A
Robert M. Tennant, MA
Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC (Co-chair/Moderator)
Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC (Co-chair/Moderator)