7:00 a.m. |
Registration Open
|
OPENING PLENARY SESSION
|
8:00 a.m.
|
Introduction and Overview of the Health Care Privacy and Security Landscape
Adam Greene, JD, MPH
Partner, Davis Wright Tremaine; Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co chair)
Speaker Bio
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process.
Adam is the Chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues.
Presentation Material (Acrobat)
|
|
8:30 a.m.
|
Keynote: OCR Policy and Implementation Update
Jocelyn Samuels, JD
Director, Office for Civil Rights, US Department of Health and Human Services; Former Acting Assistant Attorney General for Civil Rights, United States Department of Justice, Washington, DC
Speaker Bio
Jocelyn Samuels is the Director of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), where she leads enforcement of federal laws that help to ensure non-discrimination and equity in federally funded health and human services, and enforcement of the HIPAA Privacy, Security and Breach Notification Rules. Ms. Samuel previously served as the Acting Assistant Attorney General for Civil Rights at the U.S. Department of Justice (DOJ). Most immediately prior to her tenure with DOJ, Ms. Samuels was the Vice President for Education and Employment at the National Women's Law Center in Washington, D.C.
|
|
Deven McGraw, JD
Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services; Former Director, Health Privacy Project, Center for Democracy & Technology; Former Chief Operating Officer, National Partnership for Women & Families, Washington, DC
Speaker Bio
Deven McGraw joined the HHS Office for Civil Rights (OCR) as the Deputy Director for Health Information Privacy on June 29, 2015. Ms. McGraw spearheads OCR's policy, enforcement, and outreach efforts on the HIPAA Privacy, Security, and Breach Notification Rules; as well as lead OCR's work on Presidential and Departmental priorities on health privacy and security. Prior to joining OCR, she was a partner in the health care group and co-led the privacy and security practice at Manatt, Phelps & Phillips, LLP and previously served as the Director of the Health Privacy Project at the Center for Democracy & Technology.
|
|
10:00 a.m. |
Break
|
|
10:30 a.m.
|
Best Practices in Preparing for and Responding to OCR Desk and Onsite Audits
Janelle Burns, JD
Corporate Privacy and Security Officer, Baptist Memorial Healthcare Corporation, Memphis, TN
Speaker Bio
Janelle Burns is the Corporate Privacy & Security Officer for Baptist Memorial Health Care Corporation in Memphis, Tennessee, where she oversees compliance with patient privacy laws for fourteen hospitals and approximately 150 physician practices located in Tennessee, Mississippi, and Arkansas. Ms. Burns began her career with Baptist in January 2002. Ms. Burns received her Doctor of Jurisprudence and a Certificate in Health Law from the University of Tulsa College of Law in 1999.
|
|
Deidre Rodriguez, MS, CIPP/US
Director, Corporate Privacy Office and Regulatory Oversight, Anthem, Denver, CO
Speaker Bio
Deidre currently serves as the Director of the corporate Privacy Office at Anthem, Inc. She has over 25 years of healthcare experience, 20 years of compliance experience, with 15+ specifically focused on privacy. She is responsible for the day to day operations and strategy of the Corporate Privacy Office with the exception of Incident Response.
|
|
Leslie Sistla, CIPP/US
Director, CISO Worldwide Health Industry, Microsoft Corp., Redmond, WA
Speaker Bio
Leslie Sistla brings over 25 years of technology industry experience holding various roles with Microsoft, Oracle and McKesson. Leslie joined Microsoft in 2000 and in her current role, she is a Director, CISO for the Worldwide Health Industry. Leslie works closely with customers to address concerns around privacy, security and regulatory compliance as customers begin their digital transformation by considering cloud adoption. In her role, Leslie also represents Microsoft at key health international standard organizations, HL7 and IHE specifically.
|
|
Deborah Yano-Fong, RN, MS, CHPC
Chief Privacy Officer, University of California at San Francisco, San Francisco, CA
Speaker Bio
Deborah Yano-Fong, RN, MS, CHPC, has served as the Chief Privacy Officer for the University of California, San Francisco (UCSF) for the past 14 years, since the inception of HIPAA. UCSF Medical Center is consistently ranked among the nation's top 10 hospitals by U.S. News & World Report, with a #7 ranking for 2016/2017, and is Northern California's premier medical center and top cancer hospital for both adults and children. With a budget of $5.5 billion and a workforce of 25,000, UCSF is San Francisco's second largest employer and continues to be the nation's top public recipient of NIH research funding.
Ms. Yano-Fong oversees all activities related to patient privacy and access to protected health information, including the development and implementation of UCSF's policies, procedures, Privacy education program, Campus Privacy program for confidential information other than PHI, and auditing and monitoring programs. Additionally, her professional background includes over 24 years of clinical, research and management expertise in healthcare.
|
|
Rebecca L. Williams, RN, JD
Partner and Chair, Health Information Practice, Davis Wright Tremaine LLP, Seattle, WA (Moderator)
Speaker Bio
Becky Williams is a nationally recognized authority on HIPAA. She is a partner in the Seattle office of the law firm Davis Wright Tremaine, LLP where she is Co-Chair of the Health Information Practice. Ms. Williams has been named one of the "Best Lawyers in America" in health law by Woodward/White. She also is a registered nurse with hands-on experience in hospital and other health care environments. Ms. Williams's practice focuses on privacy and security of health information, data breaches, and information sharing. She has served on various committees for the Workgroup for Electronic Data Interchange, the Healthcare Information and Management Systems Society, and the American Health Lawyers Association.
|
|
11:30 a.m.
|
Keynote: FTC Role in Healthcare Privacy and Security
Cora Han, JD
Senior Attorney, Division of Privacy and Identity Protection, Federal Trade Commission, Washington, DC
Speaker Bio
Cora Han is a senior attorney in the Federal Trade Commission's Division of Privacy and Identity Protection where she investigates and prosecutes violations of federal laws protecting the privacy and security of consumer information, and works on related policy matters. She organized the FTC's seminar on Consumer Generated and Controlled Health Data, and her law enforcement actions include the Commission's settlement with Facebook. In addition, Cora was one of the principal authors of the FTC's Health Breach Notification Rule. Prior to joining the FTC, Cora was an attorney with Wilmer Cutler Pickering Hale and Dorr LLP, where her practice focused on trademark, copyright, and media law.
|
|
12:00 p.m. |
Networking Luncheon
|
AFTERNOON PLENARY SESSION
|
1:00 p.m.
|
Welcome and Introductions and Establishing a Credible Cybersecurity Program: A Blueprint
Uday O. Ali Pabrai, MSEE, CISSP
Chief Executive and Co-founder, ecfirst (Home of HIPAA Academy), Irvine, CA (Co Chair)
Speaker Bio
Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security +, is the CEO of ecfirst. A highly sought after information security and regulatory compliance expert, who has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudia Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.
Presentation Material (Acrobat)
|
|
1:30 p.m.
|
Cyber Insurance
Kimberly B. Holmes, Esq., JD, RPLU
Senior Vice President & Counsel, Cyber Insurance, Liability & Emerging Risks, ID Experts, Former Vice President, Product Development, Chief Underwriting Office, OneBeacon Insurance, Former Deputy Worldwide Health Care Product Manager, Specialty Lines, Chubb Group of Insurance Companies, Hartford, CN
Speaker Bio
Kimberly Holmes is Senior Vice President & Counsel - Cyber Insurance, Liability and Emerging Risks for ID Experts, where she oversees cyber and insurance litigation developments as well as the cyber liability and corresponding enforcement landscapes across all domestic industry verticals. ID Experts is a leading provider of data breach response services; managing many of the nation's largest data breaches across all industries with innovative and proprietary software products and solutions since 2007. Prior to her almost 17 years in the specialty insurance industry, holding executive leadership roles at both Chubb and OneBeacon Insurance, Kim was in private practice with the national labor and employment law firm of Jackson Lewis LLP.
|
|
Michael J. Sacopulos, JD
Chief Executive Officer, Medical Risk Institute; General Counsel, Medical Justice Services, Terre Haute, IN
Speaker Bio
Michael J. Sacopulos is the CEO of Medical Risk Institute (MRI). Medical Risk Institute provides proactive counsel to the healthcare community to identify where liability risks originate, and to reduce or remove these risks. Michael won the 2012 Edward B. Stevens Article of the Year Award for MGMA. He has written for Wall Street Journal, Forbes, Bloomberg and many publications for the medical profession. He is a frequent national speaker. He attended Harvard College, London School of Economics and Indiana University/Purdue University School of Law. He may be reached at msacopulos@medriskinstitute.com.
Presentation Material (Acrobat)
|
|
2:00 p.m.
|
Health Care Privacy, Security and HIPAA for Health Plans: Overview and Hot Issues
Kristen Erbes, CIPP/US
Chief Privacy Officer, Cambia Health Solutions, Portland, OR
Speaker Bio
Kristen Erbes has over 10 years compliance experience in both the private and public sectors. For the last 4 years she has been the Chief Privacy Officer at Cambia Health Solutions which includes six health insurance plans that serve members throughout the Pacific Northwest as well as a number of direct health solutions companies. Kristen holds a Ph.D. and M.A. in Political Science from the University of Hawaii, and earned her undergraduate degree at Syracuse University
|
|
Deb Hampson, JD
Chief Privacy, Ethics and Marketing Compliance Officer and Managing Counsel, Cigna, Hartford, CT
Speaker Bio
Deb Hampson is Cigna's Chief Privacy & Ethics Officer and Managing Counsel. Cigna is a Fortune 500 company focusing on health benefits and services. As Chief Privacy Officer, Deb is responsible for Cigna's privacy program. Under her direction, the privacy program: establishes and maintains policies and procedures, performs risk assessments, creates and deploys privacy training and awareness, handles incident responses, provides legal and compliance guidance and maintains the privacy governance structure. Prior to joining Cigna Deb spent 28 years at The Hartford where she held several business and legal roles before retiring in 2013. While in The Hartford's legal department Deb assumed roles with increasing responsibility and supported various business areas and legal issues including: group benefits, corporate owned life insurance, reinsurance and anti-trust. At one point in her career, Deb was the Chief Compliance Officer of The Hartford's Life Company. Deb's final role at The Hartford was the head of its Privacy Office where she implemented The Harford's privacy program.
|
|
Deidre Rodriguez, MS, CIPP/US
Director, Corporate Privacy Office and Regulatory Oversight, Anthem, Denver, CO
Speaker Bio
Deidre currently serves as the Director of the corporate Privacy Office at Anthem, Inc. She has over 25 years of healthcare experience, 20 years of compliance experience, with 15+ specifically focused on privacy. She is responsible for the day to day operations and strategy of the Corporate Privacy Office with the exception of Incident Response.
|
|
Adam Greene, JD, MPH
Partner, Davis Wright Tremaine; Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Moderator)
Speaker Bio
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process.
Adam is the Chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues.
|
|
2:45 p.m.
|
HIPAA Services and Solutions Innovation Showcase
Florin Cornianu
Chief Executive Officer, 123ContactForm, Timisoara, Romania, EU
Speaker Bio
Florin Cornianu is the Co-Founder and CEO of 123ContactForm, a leading company building digitization and data collection products. An engineer by education and entrepreneur by calling, Florin is constantly seeking ways to further develop his business by empowering his team to seek new ways of outpacing this fast moving market. He has a customer-centric approach to creating data-driven products which he sees as the main key to success.
Presentation Material (Acrobat)
|
|
Matthew DiMatteo
Eastern Regional Director of Client Services, CynergisTek, Inc., RI
Speaker Bio
Matthew DiMatteo has worked in a consultative business development role for more than 20 years enabling Matt to learn and excel in diverse global industries. Matt's service has been dedicated to the healthcare industry since 2010, allowing him a deep understanding of the "business of care". Leveraging this experience, Matt has become highly proficient aligning client needs, resource limitations, and service paths. He is looked to as a friend and advisor by his clients. Matt has been highly active in supporting national conferences, HIPAA workshops, and numerous association chapter events since joining CynergisTek in 2012.
Presentation Material (Acrobat)
|
|
David Holtzman, JD, CIPP
Vice President, Compliance, CynergisTek, Inc.; Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX (Moderator)
Speaker Bio
David Holtzman is vice president of compliance for CynergisTek. He is considered a subject matter expert in health information privacy and compliance issues. David was named by Health Data Management as one of the top 50 Healthcare IT experts of 2015. Prior to CynergisTek, Holtzman served as a senior advisor for health information technology and the HIPAA Security Rule at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS). Prior to joining HHS, David was the privacy & security officer for Kaiser Permanente's Mid-Atlantic Region.
|
|
3:30 p.m. |
Break
|
|
4:00 p.m.
|
Managing HIPAA Privacy in a Value-based Payment Environment
Margret Amatayakul, MBA, RHIA, CPEHR, CPHIT, CPHIE, CPORA, CHPS, FHIMSS
President, Margret\A Consulting, LLC; Adjunct Faculty in Health Informatics, College of St. Scholastica, Schaumburg, IL
Speaker Bio
Margret Amatayakul, MBA, RHIA, CPHIT, CPEHR, CHPS, FHIMSS...is president of Margret\A Consulting, LLC, a health information management and systems consulting firm based in Schaumburg, IL. The firm focuses on helping organizations navigate and achieve benefits from regulations such as HIPAA, HITECH, and ACA.
Margret A's background includes extensive experience working with hospitals, physician practices, health information exchange organizations, accountable care organizations, vendors, and public policymakers. Previous positions have included adjunct professor in health informatics at the College of St. Scholastica, executive director of the Computer-based Patient Record Institute, associate executive director of AHIMA, associate professor at the University of Illinois at Chicago College of Applied Health Sciences, and director of the health information management department at the Illinois Eye and Ear Infirmary. She is also a partner in Health IT Certification, LLC. She has written several books on HIPAA, EHR, and process improvement. Additional information is available at www.margret-a.com.
|
|
Paul T. Smith, JD
Partner, Hooper, Lundy & Bookman, San Francisco, CA
Speaker Bio
Paul Smith advises clients in health care and other industries on health information privacy and security, corporate formation and governance, joint ventures, financing, reimbursement and regulatory compliance. He also represents technology companies in transactional, financing and licensing matters, and data privacy and security.
Presentation Material (Acrobat)
|
|
4:45 p.m.
|
Health Care Privacy Officer Best Practices Roundtable
Janelle Burns, JD
Corporate Privacy and Security Officer, Baptist Memorial Healthcare Corporation, Memphis, TN
Speaker Bio
Janelle Burns is the Corporate Privacy & Security Officer for Baptist Memorial Health Care Corporation in Memphis, Tennessee, where she oversees compliance with patient privacy laws for fourteen hospitals and approximately 150 physician practices located in Tennessee, Mississippi, and Arkansas. Ms. Burns began her career with Baptist in January 2002. Ms. Burns received her Doctor of Jurisprudence and a Certificate in Health Law from the University of Tulsa College of Law in 1999.
|
|
Kristine Salcedo, JD
Director of Privacy and Regulatory Compliance, Phreesia; Former Senior Compliance Analyst Attorney, Cancer Treatment Centers of America®, New York, NY
Speaker Bio
Kristine Chung Salcedo is an Attorney and Director of Privacy and Regulatory Compliance at Phreesia, a health-technology company headquartered in New York, NY. Prior to working at Phreesia, Kristine worked at Cancer Treatment Centers of America in its corporate compliance office, where she helped oversee the privacy compliance program at five regional hospitals across the country.
|
|
R. Brett Short, CHC, CHPC
Chief Compliance Officer, UK HealthCare, University of Kentucky, Lexington, KY
Speaker Bio
R. Brett Short is the Chief Compliance Officer at the University of Kentucky for UK HealthCare in Lexington, Kentucky. He started in the Compliance Office as Privacy Officer for the University in 2003. He is also a board chair-appointed member to the Audit and Compliance Committee at UC Health in Cincinnati, Ohio. Brett also serves as faculty for the Health Care Compliance Association's Privacy Academy and is also a member of the Compliance Certification Board. He regularly presents and writes on privacy and compliance topics in addition to being published in the 2016 Health Care Compliance Manual. Brett holds certifications in both compliance and privacy.
|
|
John Steiner, JD
Former Chief Compliance & Privacy Officer & Associate General Counsel, Cancer Treatment Centers of America; Former Chief Compliance Officer and Privacy Officer, Cleveland Clinic Health System, Schaumburg, IL
Speaker Bio
Mr. Steiner has worked as a health care lawyer and compliance professional for over 25 years.
His career includes serving as the:
- Chief Compliance and Privacy Officer and Associate General Counsel for Cancer Treatment Centers of America;
- Chief Compliance Officer for University of Kentucky HealthCare
- Chief Compliance and Privacy Officer for the Cleveland Clinic Health System; and
- Senior Counsel for the American Hospital Association.
In his roles, Mr. Steiner has had the opportunity to work directly with Congress and federal regulatory and enforcement agencies on a variety of health care policy, advocacy and enforcement matters; including the HIPAA Privacy Rule.
He is a nationally recognized author and speaker on health law and compliance matters.
|
|
Paul T. Smith, JD
Partner, Hooper, Lundy & Bookman, San Francisco, CA (Moderator)
Speaker Bio
Paul Smith advises clients in health care and other industries on health information privacy and security, corporate formation and governance, joint ventures, financing, reimbursement and regulatory compliance. He also represents technology companies in transactional, financing and licensing matters, and data privacy and security.
|
|
5:45 p.m. |
Adjournment and Networking Reception
|
Go to Agenda:
Preconferences | Day 2
|