HIPAA regulation Summit
HIPAA regulation Summit
HIPAA regulation Summit
HIPAA regulation Summit
HIPAA regulation Summit
HIPAA regulation Summit



Overview | Agenda | Promotional Opportunities | Grantors & Exhibitors
Webcast Login | Continuing Education | HIPAA Award Winners
Speaking Proposals | Admin | Past Summits | Contact Us | Home




Go to Agenda:
Preconference | Day 1

TWENTY-FIFTH NATIONAL HIPAA SUMMIT
AGENDA: DAY II

Friday, September 16, 2016

7:00 a.m. Registration Open; Networking Breakfast

MORNING PLENARY SESSION
8:00 a.m.

Welcome and Introductions and HIPAA Patient Right of Access to PHI: Meeting Today's Regulatory Requirements and Expectations

David Holtzman, JD, CIPP
Vice President, Compliance, CynergisTek, Inc.; Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX (Co Chair)

    Speaker Bio

    David Holtzman is vice president of compliance for CynergisTek. He is considered a subject matter expert in health information privacy and compliance issues. David was named by Health Data Management as one of the top 50 Healthcare IT experts of 2015. Prior to CynergisTek, Holtzman served as a senior advisor for health information technology and the HIPAA Security Rule at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS). Prior to joining HHS, David was the privacy & security officer for Kaiser Permanente's Mid-Atlantic Region.
    Presentation Material (Acrobat)
8:30 a.m.

Keynote: ONC Privacy and Security Update

Lucia Savage, JD
Chief Privacy Officer, Office of the National Coordinator for Health IT, US Department of Health and Human Services; Former Senior Associate General Counsel, UnitedHealthcare; Former General Counsel, Pacific Business Group on Health, Washington, DC

    Speaker Bio

    Appointed Chief Privacy Officer at Office of the National Coordinator for Health Information Technology, Department of Health & Human Services in October 2014, Lucia Savage has been working on health privacy, transparency, and interoperable health information exchange since HIPAA was enacted. At ONC, she advises the National Coordinator and HHS on privacy and security for digital health information inside of HIPAA and outside of traditional healthcare. She previously served as General Counsel at Pacific Business Group on Health, working on such topics as healthcare transparency strategy, large data transactions, health information exchange, and All-Payer Claims Databases.

    Lucia has a BA with Honor from Mills College in Oakland, CA, and received her Juris Doctor summa cum laude from New York University School of Law.
    Presentation Material (Acrobat)
9:00 a.m.

Pragmatic Approaches to Breach Prevention and Management

Ty Faulkner, MBA
Chief Commercial Officer, Rural Health Information Technology; Director of Business Development and Public Health Information Security, HIPAA HITECH Express; Founder and Chairman, Urban Healthcare Information Technology (UHIT) Consultants, Rockville, MD

    Speaker Bio

    Ty Faulkner 25 years Healthcare, Pharma, & Health Information Technology. He's a speaker on "Technology's Role in Improving Global Health." Ty's a teaching instructor for Office of National Coordinator (ONC) -HHS, Health Information Technology (HIT) Workforce Development HIT Programs, he's a Graduate School University Professor of HIT. He operates non-profits including Healthcare Technology Access Foundation focused on data privacy & security standards adoption. Serves on standards committees NCPDP, HIMSS, ONC, eHI, AHIMA, CHIME, Patient Privacy Rights, honorably served US Marines, graduate of Indiana University, Michigan State University, ongoing studies Fairleigh Dickinson University. His passion is transforming minority health with HIT.
Nick Heesters, JD, CIPP
Privacy and Security Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC

    Speaker Bio

    Nicholas Heesters is certified information privacy professional with over 25 years of experience supporting technology and information security efforts in many diverse industries including financial services, government, defense, education and healthcare. Mr. Heesters earned his Bachelor of Science in Computer Science from the University of Delaware, his Master of Engineering in Computer and Software Engineering from Widener University, and his Juris Doctor from the Widener University School of Law. Currently, Mr. Heesters is a Privacy and Security Specialist supporting HIPAA compliance and enforcement efforts with the Office for Civil Rights.
Jeremy Maxwell, PhD
Senior Technical Advisor, Office of the Chief Privacy Officer, Office of the National Coordinator for Health IT, US Department of Health and Human Services, Washington, DC

    Speaker Bio

    Jeremy Maxwell is a Senior Technical Advisor, Security with the Office of the Chief Privacy Officer (OCPO) in the Office of the National Coordinator for Healthcare IT (ONC) in the US Department of Health and Human Services (HHS), where he is responsible for furthering the goals of ensuring that electronic health information is secure & protected in the interoperable learning healthcare system. Prior to joining ONC, Jeremy was responsible for application security, privacy, and compliance at a leading provider of electronic health record systems. Jeremy has his PhD from North Carolina State University.
Laura VanDruff, JD
Assistant Director, Division of Privacy and Identity Protection, Federal Trade Commission, Washington, DC

    Speaker Bio

    Laura Riposo VanDruff is an Assistant Director of the Division of Privacy and Identity Protection at the Federal Trade Commission in Washington, D.C. An experienced litigator, she supervises investigations relating to violations of U.S. laws enforced by the Commission that relate to the privacy and security of consumer information. Ms. VanDruff also manages privacy and security initiatives at the Commission, including the Commission's Start with Security series. She recently served as trial counsel in an administrative litigation alleging that a medical testing laboratory failed to provide lawful security for consumers' personal information. Ms. Van is a graduate of the University of Virginia School of Law.
Kevin Stine
Manager, Security Outreach and Integration Group, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology's (NIST); Former Chief Information Security Officer, FDA, Washington, DC (Moderator)

    Speaker Bio

    Mr. Kevin Stine is the Chief of the Applied Cybersecurity Division in the National Institute of Standards and Technology's Information Technology Laboratory. In this capacity, he leads NIST collaborations with industry, academia, and government on the practical implementation of cybersecurity and privacy through outreach and effective application of standards and best practices. The Applied Cybersecurity Division develops cybersecurity and privacy guidelines, tools, and reference architectures in diverse areas such as public safety communications; health information technology; smart grid, cyber physical, and industrial control systems; and programs focused on outreach to small businesses and federal agencies. The Division is home to several priority national programs including the National Cybersecurity Center of Excellence, the National Strategy for Trusted Identities in Cyberspace, and the National Initiative for Cybersecurity Education (NICE). Recently, he led NIST's efforts to develop the Framework for Reducing Cybersecurity Risk to Critical Infrastructure (Cybersecurity Framework) as directed in Executive Order 13636. Prior to joining NIST, he served as the Chief Information Security Officer at the U.S. Food and Drug Administration.
10:00 a.m. Break
10:30 a.m.

FBI Update on Ransomware

Jeffrey L. Coburn
Unit Chief Major Cyber Crimes, FBI, Washington, DC

    Speaker Bio

    Unit Chief (UC) Jeffrey L. Coburn started his career with the FBI in January 2003. After graduating from the FBI Academy as a Special Agent in Quantico, Virginia, he reported to Dayton, Ohio where he investigated violent crimes, cyber crimes, and investigated terrorism as a member of the Joint Terrorism Task Force. In 2006, UC Coburn was transferred to Sierra Vista, Arizona where he investigated violent crimes, human and drug smuggling, assaults on Border Patrol Agents, and cyber crimes. In 2009, UC Coburn was promoted to Supervisory Special Agent and reported to Washington, DC where he worked in the Cyber Division managing National Security Computer Intrusions. In 2010, SSA Coburn was assigned to Field Supervisor and reported to Salt Lake City, Utah where he supervised the Cyber Task Force which covered the states of Utah, Idaho and Montana. In 2014, UC Coburn was assigned to Unit Chief of the Cyber Major Crimes Unit where he provides guidance, leadership, and oversight of all criminal computer intrusions investigated by FBI field offices and Legal Attaché offices throughout the world.
    Due to the proprietary and sensitive nature of this speaker's information we are prevented from streaming his slide presentation, nor will it be posted online in the archives.
11:00 a.m.

Health Care Ransomware Case Studies and Best Practices

Jeffrey L. Coburn
Unit Chief Major Cyber Crimes, FBI, Washington, DC

    Speaker Bio

    Unit Chief (UC) Jeffrey L. Coburn started his career with the FBI in January 2003. After graduating from the FBI Academy as a Special Agent in Quantico, Virginia, he reported to Dayton, Ohio where he investigated violent crimes, cyber crimes, and investigated terrorism as a member of the Joint Terrorism Task Force. In 2006, UC Coburn was transferred to Sierra Vista, Arizona where he investigated violent crimes, human and drug smuggling, assaults on Border Patrol Agents, and cyber crimes. In 2009, UC Coburn was promoted to Supervisory Special Agent and reported to Washington, DC where he worked in the Cyber Division managing National Security Computer Intrusions. In 2010, SSA Coburn was assigned to Field Supervisor and reported to Salt Lake City, Utah where he supervised the Cyber Task Force which covered the states of Utah, Idaho and Montana. In 2014, UC Coburn was assigned to Unit Chief of the Cyber Major Crimes Unit where he provides guidance, leadership, and oversight of all criminal computer intrusions investigated by FBI field offices and Legal Attaché offices throughout the world.
Melissa K. Ventrone, JD
Partner and Chair Data Privacy and Security Practice Group, Thompson Coburn LLP, Chicago, IL

    Speaker Bio

    When a cybersecurity incident strikes, Melissa coordinates a swift and strong breach response to manage her clients' situation and minimize damage. As chair of Thompson Coburn's cybersecurity practice, she leads teams of first responders, including lawyers and forensic investigators, in jumping head-on into a crisis. Melissa and her team work around the clock to control a breach situation and manage any public or regulatory fallout. When not in urgent response mode, Melissa represents her clients in cybersecurity litigation and proactively managing data privacy and security risks.

    Melissa's leadership abilities extend beyond her legal practice. She recently completed a distinguished 21 years of service in the Marine Corps Reserve, holding several key positions, including Company Commander for a 200- person unit, Executive Officer for a 329-person company deployed to Afghanistan, Operations Officer for a 1,000- person motor transport battalion, and the Logistics Officer for Combat Logistics Regiment 4. She also volunteers as an ombudsman for the Employer Support for the Guard and Reserve in which she serves as a mediator on employment- related disputes.
Rick Kam, CIPP
President and Co-founder, ID Experts, Portland, OR (Moderator)

    Speaker Bio

    Rick Kam, Certified Information Privacy Professional (CIPP/US), is president and co-founder of ID Experts, the leader in comprehensive data breach solutions. He is an expert in privacy and information security, with extensive experience leading organizations in the development of policies and solutions to address the growing problem of protecting protected health information (PHI) and personally identifiable information (PII), and remediating privacy incidents, identity theft, and medical identity theft.

    Mr. Kam leads and participates in several cross-industry data privacy groups, speaks at conferences and webinars, and regularly contributes original articles, including a monthly guest article in Government Health IT, and offers commentary to data security, privacy, risk, and IT publications. He is often quoted as a resource in news articles about medical identity theft, privacy and security incidents, and data breach.
11:30 a.m.

Health Care Chief Security Officer Best Practices Roundtable

Kathy Jobes
Vice President Chief Information Security Officer, OhioHealth; Former Vice President, Chief Information Security Officer, Sentara Healthcare; Former Chief Information Security Officer, Bon Secours Health System, Virginia Beach, VA

    Speaker Bio

    Kathy Jobes has over 25 years of experience working in healthcare; beginning her career in hospital operations, she worked in clinical, financial and IT roles before settling in IT security.

    Ms. Jobes implemented her first IT Security program at Shands HealthCare, a not-for-profit health system, in 1999. In 2006 she was recruited to Bon Secours Health System, Inc., a not-for-profit faith based health system, to develop a centralized enterprise IT Security program.

    Today, as the Vice President Chief Information Security Officer at OhioHealth she is responsible for providing IT Security executive leadership and vision in the areas of Identity and Access Management (IAM), Security Risk Management, Governance, HIPAA, and Assurance and Threat Management.
Robert A. Lucas II
Corporate Information Security Officer, Tanana Chiefs Conference, Fairbanks, AK

    Speaker Bio

    Retired Master Sergeant, United Stated Air Force and former Superintendent, 354th Medical Support Squadron, Eielson Air Force Base, AK.
Jacki Monson, JD, CHC, CHPC
Vice President, Chief Privacy and Information Security Officer, Sutter Health; Former Privacy Officer, Mayo Clinic Health System, Sacramento, CA

    Speaker Bio

    Jacki Monson has been working in healthcare for 12 years. Jacki's focus in healthcare has been in compliance, privacy and information security for the last ten years. Currently, Jacki is the Chief Privacy and Information Security Officer for Sutter Health where she provides direction and oversight of the privacy and information security program for all sites. Prior to that, Jacki served as the Chief Privacy Officer for Mayo Clinic. Prior to Mayo, Jacki worked for a Pharmacy Benefit Management and Mail Order Pharmacy Company and an independent Children's Hospital in compliance, information security and privacy roles. Jacki has authored numerous articles on privacy and information security and is a frequent speaker on the subject matters.

    Jacki has a Juris Doctor from Hamline University Law School. She holds certifications in health care law, privacy and compliance. She has a BA from The College of Saint Scholastica in Psychology.
Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US
Chief Executive Officer, Clearwater Compliance; Former Vice President, Technology Operations, GE Information Services, Nashville, TN (Moderator)

    Speaker Bio

    Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry's leading authorities in healthcare information security today. Chaput is the founder and chief executive officer of Clearwater Compliance, a top-ranked provider of healthcare compliance and cyber risk management solutions that are exclusively endorsed by the American Hospital Association. As a leading authority on cybersecurity and information risk management of health data, Chaput has supported hundreds of payers, hospitals and health systems, including Fortune 100 organizations and government institutions, to successfully manage healthcare's evolving cybersecurity threats and ensure patient safety.

    A leader who has a unique view of healthcare cybersecurity innovation, Chaput has been responsible for the security of and and associated regulatory compliance of some of the world's largest healthcare networking and computing infrastructures. His direct responsibility and customer experience include safeguarding many of largest HR, Benefits and healthcare databases, requiring the highest levels of security for employers, healthcare providers, health plans and governments.

    Prior to forming Clearwater in 2009, Chaput held executive level positions with publicly traded global companies such as GE, Johnson & Johnson and Healthways. At Healthways, he safeguarded the health data of 45 million Americans, and at GE, he was responsible for the human resources databases, health insurance programs, compensation and payroll systems for more than 400,000 of its employees and 800,000 of its pensioners.

    Chaput brings nearly 40 years of combined healthcare and cybersecurity experience, managing complex projects for more than 500 clients.

    Through Chaput's leadership, Clearwater's solutions earned the exclusive endorsement of The American Hospital Association. The AHA represents nearly 5,000+ hospitals, healthcare systems, networks, other providers of care and 43,000 individual members.

    Chaput and his company have won numerous awards from the American Hospital Association, CyberSecurity Ventures and CIOReview.

    Chaput is a member of the College of Healthcare Information Management Executives (CHIME) and the Association of Executives in Healthcare Information Security (AEHIS) Advisory Board and is known for his commitment to educational initiatives and giving back to support the industry at large.

    In addition to his practical experience, Chaput holds the Certified Information Systems Security Professional (CISSP), Health Care Information Security and Privacy Practitioner (HCISPP), Certified in Risk Information Security Controls (CRISC), Certified Information Privacy Professional/US (CIPP/US), and numerous other technical certifications.

    Chaput earned his undergraduate and graduate degrees in mathematics and two advanced certificates from the Vanderbilt University School of Engineering. He has been an adjunct faculty member at Belmont University and the ITT Technical Institute and is a Certified ISC2 HCISPP Instructor.

    Chaput is a member of and contributes his expertise to the following industry organizations: ACHE, AHA, CHIME, AEHIS, HIMSS, HCCA, ISC2, ISACA and ISSA.
    Presentation Material (Acrobat)
12:30 p.m. Networking Luncheon

CLOSING PLENARY SESSION: TRANSACTIONS, CODE SETS, OPERATING RULES, HEALTH PLAN IDENTIFIER AND ICD 10 IMPLEMENTATION
1:15 p.m.

Welcome and Introductions

Steven S. Lazarus, PhD, CPEHR, CPHIE, CPHIT, CPORA, FHIMSS
President, Boundary Information Group; Member, Board of Examiners, Health IT Certification, LLC; Past Chair, WEDI, Denver, CO (Co Chair)

    Speaker Bio

    Steven S. Lazarus is President and Co-Founder of Boundary Information Group (BIG), a virtual health care information and technology consulting firm. The firm is recognized for its leadership in conducting "mock" audits for HIPAA Privacy, Security, Breach Notification, Transactions, Code Sets, Identifier and Operating Rules; and EHNAC Accreditation. His consulting engagements include electronic health records (EHR), health information exchange (HIE), system strategic planning, operating rules implementation and compliance, revenue cycle improvement and workflow improvement, and HIPAA compliance. His clients include physician practices, hospitals, HIEs, insurance companies, vendors, government (Federal, State and local) and national associations. In 2004, he co-founded Health IT Certification, LLC. He is a faculty member and Vice-Chair of the Board of Examiners. He has been accepted by the Courts as an expert HIPAA witness. Dr. Lazarus is a Former Chair of WEDI.
    Presentation Material (Acrobat)
1:30 p.m.

Keynote: Advancing Administrative Simplification

Denesecia Green
Deputy Director, National Standards Group (NSG), Office of Enterprise Information (OEI), Centers for Medicare and Medicaid Services, Baltimore, MD

    Speaker Bio

    Denesecia Green, is the Deputy Director of the National Standards Group (NSG) within the Office of Enterprise Information, Centers for Medicare & Medicaid Services (CMS). Mrs. Green's 17 years of health care experience and strong commitment to public health programs span over a wide variety of HHS and CMS programs and policy. CMS program experience includes Medicare, Medicare Advantage, Medicaid, Program Integrity, Quality, Marketplace, Population Health, Health IT, and national standards for Administrative Simplification. In her current role, Mrs. Green adopts HIPAA and ACA standards that enable health information to be exchanged electronically to achieve greater uniformity, efficiency, and cost savings across the healthcare industry.
    Presentation Material (Acrobat)
2:00 p.m.

ACA Operating Rules Update

Gwendolyn Lohse
Managing Director, CORE; Deputy Director, CAQH, Washington, DC

    Speaker Bio

    Gwendolyn Lohse is the Deputy Director of CAQH and the Managing Director of CAQH's Committee on Operating Rules for Information Exchange (CORE). Prior to joining CAQH, Ms. Lohse was in management roles at Johns Hopkins and PricewaterhouseCoopers, where she served both domestic and international healthcare clients.
    Presentation Material (Acrobat)
2:30 p.m.

HIPAA Administrative Simplification Opportunities for Physician Practices

Robert M. Tennant, MA
Director, HIT Policy, Medical Group Management Association, Washington, DC

    Speaker Bio

    As Director of HIT Policy for the Association, Mr. Tennant focuses on federal legislative and regulatory information technology issues including HIPAA, administrative simplification, federal quality reporting programs, EHR policy, and other HIT topics. Mr. Tennant currently participates with numerous industry organizations including: Vice Chair of the Board of Directors of the Workgroup for Electronic Data Interchange (WEDI); and co-chair of the WEDI Virtual Clipboard Initiative, Secure Messaging Workgroup, and ePayments Taskforce. He also serves on the Board of Commissioners for the Electronic Healthcare Network Accreditation Commission (EHNAC), the CAQH Index Advisory Panel, the National Uniform Claim Committee; the Physicians EHR Coalition; and others. Mr. Tennant was named as one of HealthData magazine's "Twenty People to Watch in Healthcare IT in 2016."
    Presentation Material (Acrobat)
3:00 p.m.

Administrative Simplification Enforcement and Testing Tool (ASETT)

Angelo Pardo III
FAC P/PM Level III, COR Level III, Health Insurance and IT Specialist, Centers for Medicare and Medicaid Services, Baltimore, MD

    Speaker Bio

    Successful IT Health Insurance Professional concentrated on Healthcare Regulations, and applied development for health insurance systems. Experiences comprise perception of US Title 42 - Public Health Code of Federal Regulations (CFR), Health Insurance Portability Accountability Act (HIPAA), Affordable Care Act (ACA) and successful implementation of major systems for CMS' Programs Medicare, Medicaid, and Children's Health Insurance Program (CHIP). Certified Senior/ Expert Federal Acquisition Program and Project Management (FAC P/PM Level III), Contract Officer Representative (COR Level III), IT Investment Manager and recognized HIPAA complaint developer.
Gladys Wheeler
Health Insurance Specialist, Centers for Medicare and Medicaid Services, Baltimore, MD

    Speaker Bio

    Gladys Wheeler has been at CMS more than ten years, most recently in Enforcement with the Division of Administrative Simplification and Compliance. Prior to joining CMS, worked with the private health care industry in health care administration and consulting roles. Holds a Master of Arts in Management and am a Certified Professional Coder.
    Presentation Material (Acrobat)
3:45 p.m. Summit Adjournment

Go to Agenda:
Preconference | Day 1




Overview | Agenda | Promotional Opportunities | Grantors & Exhibitors
Webcast Login | Continuing Education | HIPAA Award Winners
Speaking Proposals | Admin | Past Summits | Contact Us | Home




© Health Care Conference Administrators
Contact Webmaster