Agenda – Day 2

John Parmigiani is President of John C. Parmigiani & Associates, LLC. His continuing primary focus is on helping healthcare organizations become compliant with healthcare regulations, in particular HIPAA/HITECH, and move toward E-Health. He has worked with a wide range of healthcare organizations and clients, including: hospitals/physicians/suppliers; academic medical centers: health plans; labs; retail pharmacies; software developers; practice management system developers; billing companies; transcription services; and has served as an expert witness in privacy/security cases. He has over 40 years experience in both the public and private sectors, where he held executive level positions, was the federal chair for the development of the HIPAA Security Rule, and has taught at the university level. More information regarding his extensive list of presentations, publications, and affiliations as well as his credentials is available at www.johnparmigiani.com.

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security +, CCSFP, is the CEO of ecfirst. A highly sought after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudia Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.

Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with health information privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process.

Adam is the Chair of the HIMSS Cloud Security Workgroup, co-founder of the Health Care Cloud Coalition, was named one of 2015’s top ten influencers in health information security by HealthCareInfoSecurity.com, and is a frequent speaker and author on health information privacy and security issues.

Rick Kam, CIPP/US, is president and co-founder of ID Experts. ID Experts delivers data breach response services, manages cyber risks, and is trusted by thousands of organizations. ID Experts is the largest provider of identity protection products to the federal government. Rick has extensive experience leading organizations in the development of policies and solutions to address the growing problem of protecting protected health information (PHI) and personally identifiable information (PII), and remediating privacy and security incidents, identity theft, and medical identity theft. Rick leads and participates in several cross-industry data privacy groups, including PHI Protection Network (PPN) and Medical Identity Fraud Alliance.

Yvonne Wolters is the Privacy Official for Cleveland Clinic and as such she has oversight of the Privacy Program for the health system. She has over 10 years’ experience in health care privacy compliance for both provider and health plan covered entities. Prior to joining Cleveland Clinic, Yvonne was the Privacy & Information Security Officer for Kaiser Permanente in Ohio. Yvonne has a Paralegal Certification, a Bachelor’s Degree in Legal Studies, and is Certified in Healthcare Privacy Compliance. Yvonne lives in Cleveland, Ohio.

Lisa Acevedo brings nearly two decades of deep experience in HIPAA and health information privacy and security to provide clients with compliance strategies to maximize the benefits of health data while minimizing and responding to ever-changing threats and risks. As the Co-Chair of Polsinelli’s HIPAA/Health Information Privacy and Security team, Lisa provides counsel on structuring complex strategic alliances and other arrangements related to data sharing, including Big Data strategies. She has assisted clients through security breaches, including those involving phishing attacks, malware, theft and vendor breaches. She has successfully guided clients through subsequent OCR and state agency investigations.

David Holtzman is vice president of compliance strategy for CynergisTek. He is considered a subject matter expert in health information privacy and compliance issues. David is a sought after public speaker, commentator and contributor regarding compliance and enforcement of health information privacy in the health care industry. Prior to CynergisTek, Holtzman served as a senior advisor for health information technology and the HIPAA Security Rule at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS). Prior to joining HHS, David was the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.

Jerry has always been passionate about security in one form or another. He first picked it up with his time in the military and then transferred it to his first IT job working as a computer operator with IBM mainframes. When the time came to diversify his skill set he moved to networks and picked up network security positions with banking and manufacturing companies working in security and admin positions.

State of Utah Department of Human Services recruited Jerry to work both mainframe and network security where he was able to transform the culture and bring the idea of security down to the employee level.

A move to the University of Utah working in the medical side enabled Jerry to see the regulatory environment and begin to understand the Privacy world and the nuance that Privacy is and how different it is from Information Security.

It also allowed Jerry to pursue a chance to work on completing his Masters in Public Administration. Jerry is very fortunate to have a very forgiving wife and two great son’s that put up with his crazy security ideas because he experiments at home and connectivity can be a problem at times depending on which firewall is working that day!

Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. Chaput is the founder and chief executive officer of Clearwater Compliance, a top-ranked provider of healthcare compliance and cyber risk management solutions that are exclusively endorsed by the American Hospital Association. As a leading authority on cybersecurity and information risk management of health data, Chaput has supported hundreds of payers, hospitals and health systems, including Fortune 100 organizations and government institutions, to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.

A leader who has a unique view of healthcare cybersecurity innovation, Chaput has been responsible for the security of and and associated regulatory compliance of some of the world’s largest healthcare networking and computing infrastructures. His direct responsibility and customer experience include safeguarding many of largest HR, Benefits and healthcare databases, requiring the highest levels of security for employers, healthcare providers, health plans and governments.

Chaput brings nearly 40 years of combined healthcare and cybersecurity experience, managing complex projects for more than 500 clients.

In addition to his practical experience, Chaput holds the Certified Information Systems Security Professional (CISSP), Health Care Information Security and Privacy Practitioner (HCISPP), Certified in Risk Information Security Controls (CRISC), Certified Information Privacy Professional/US (CIPP/US), and numerous other technical certifications.

Shreehari Desikan is Founder / CEO of dataphilic.io, a company specialized in migrating and managing healthcare workloads to cloud. Previously, he was Co-founder/CEO of HashSec, which hosted healthcare and financial services applications.

Prior to HashSec, he led privacy, security and compliance program for Motorola cloud services on both on-premises and Google Cloud Platform. He is a CISSP and holds an MBA from Babson College.

Jerry has always been passionate about security in one form or another. He first picked it up with his time in the military and then transferred it to his first IT job working as a computer operator with IBM mainframes. When the time came to diversify his skill set he moved to networks and picked up network security positions with banking and manufacturing companies working in security and admin positions.

State of Utah Department of Human Services recruited Jerry to work both mainframe and network security where he was able to transform the culture and bring the idea of security down to the employee level.

A move to the University of Utah working in the medical side enabled Jerry to see the regulatory environment and begin to understand the Privacy world and the nuance that Privacy is and how different it is from Information Security.

It also allowed Jerry to pursue a chance to work on completing his Masters in Public Administration. Jerry is very fortunate to have a very forgiving wife and two great son’s that put up with his crazy security ideas because he experiments at home and connectivity can be a problem at times depending on which firewall is working that day!

Sheetal Sood: I am an information Security, Governance, Risk & Compliance Executive with expertise in technology risk governance and management, information security metrics, security tools and techniques, audit and investigation of physical and information systems, business continuity, security awareness training, and compliance and security curriculum development. I have proven expertise and vast experience in implementing risk-focused information security solutions in a variety of industries including Government, Healthcare, Financial services and Technology.

Key advisor to senior management on matters of risk, process improvement, and information technology strategy. Solid experience in HIPAA, PCI, NIST and other compliance areas.

Certified in Information healthcare compliance, Privacy, IT Audit, Security and Risk Management (CHC, CIPP, CISA, CISSP, CRISC, and GIAC GSEC). Numerous product-specific certifications.

John Parmigiani is President of John C. Parmigiani & Associates, LLC. His continuing primary focus is on helping healthcare organizations become compliant with healthcare regulations, in particular HIPAA/HITECH, and move toward E-Health. He has worked with a wide range of healthcare organizations and clients, including: hospitals/physicians/suppliers; academic medical centers: health plans; labs; retail pharmacies; software developers; practice management system developers; billing companies; transcription services; and has served as an expert witness in privacy/security cases. He has over 40 years experience in both the public and private sectors, where he held executive level positions, was the federal chair for the development of the HIPAA Security Rule, and has taught at the university level. More information regarding his extensive list of presentations, publications, and affiliations as well as his credentials is available at www.johnparmigiani.com.

Nickie has worked in Compliance and Privacy since 1997. She has served as Compliance and/or Privacy Officer for highly respected complex healthcare systems, including NewYork-Presbyterian in NYC, North Shore LIJ, NY, and at Boston Medical Center in Boston, Ma. She has been responsible for proactively identifying, evaluating and mitigating and reporting Compliance, Privacy, regulatory and reputational risks to the organizations she serves. In these roles she has developed Compliance and Privacy Programs through establishing policies, implementing comprehensive education and communications programs, developing auditing and monitoring programs, establishing executive and operational oversight committees and advising management and staff about compliance with Privacy and healthcare business regulations and laws.

Dr. Bill Braithwaite has dedicated his career to improving the quality and efficiency of health care for patients and practitioners utilizing information technology. He is best known as the author of the Administrative Simplification Subtitle of HIPAA and as a major contributor to the subsequent federal regulations setting standards for transactions, code sets, identifiers, security, and privacy of personal health information. As an independent consultant, he now works with a few small clients on the policy, technology, and compliance issues of health information privacy and security.

Ms. Malikah “Mikki” Smith has is currently serving as the Security Branch Chief with Health and Human Services (HHS), Office of the National Coordinator (ONC), Office of the Chief Privacy Officer (OCPO). In her role she assists the Chief Privacy Officer (CPO) and the Security Branch develop and coordinate privacy, security, and data stewardship policy across the federal government, state and regional agencies, and foreign countries by providing subject matter expertise and technical support. Mikki brings to this role a wide breadth of Cybersecurity experience from multiple Federal and private sector roles spanning 15+ years of IT, Cybersecurity and Security Program acumen. She is considered an industry expert in the area of information system security policies and procedures, applications and network security architectures, DoD and Management & Budget (OMB) and Federal IA and Security requirements.

Ms. Mikki Smith has performed in Cyber Security Program Management roles for the Federal Emergency Management Agency and the Defense Health Care Agency. During her tenure with FEMA, she managed cybersecurity teams responsible for establishing and executing a standardized Information System Cyber Security assessment and authorization (A&A) process across the FEMA enterprise that was in accordance with the Department of Homeland Security (DHS) and FISMA policy. While supporting the DHA Military Health Systems/TRICARE Management Activity Information Assurance Program her team certified medical information systems compliance with Federal and Departmental IS Information Assurance regulations and Privacy laws.

Prior to joining DHA, Mikki provided management and supervision of Departmental IT Security Programs in support of the Department Of the Interior (DOI). During her tenure with DOI she was responsible for the development of new departmental IT Security Policy Handbook; deployment and implementation of DOI’s first online Role-Based IA and Annual Awareness Training; establish and management of the new Security Division’s Compliance Branch which resulted in the successful completion of FISMA audits for DOI.

A Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP) and Certification and Accreditation Professional (CAP) she has been recognized and presented with awards for her leadership and technical expertise.

As founding President and Chief Executive Officer of DirectTrust, Dr. Kibbe serves as the organization’s global ambassador, establishing collaborative relationships with key industry stakeholders, and overseeing the governance of a rapidly growing network for secure, interoperable, health information exchange via Direct. A 25-year veteran of the healthcare IT industry, Dr. Kibbe was previously the founder of the American Academy of Family Physicians’ Center for Health IT, CEO of the innovative web-based care coordination software company Canopy Systems, and a family physician with 20 years experience in private and academic medical practice in Maine, Texas, and North Carolina. Dr. Kibbe is a graduate of Harvard University magna cum laude class of 1972. He completed his medical training at Case Western Reserve University and the University of North Carolina at Chapel Hill, and his business degree at the University of Texas at Austin. He was an Adjunct Professor at the UNC School of Public Health, and faculty for the Institute for Healthcare Improvement, IHI, where he designed and taught courses in population data management, quality improvement, and statistics. Over the course of his career, he has served as a consultant in health IT and informatics standards for more than 100 companies, and has served in various industry leadership roles including Chair of the ASTM E31 Committee on Healthcare Informatics. He was a co-developer of the first clinical summary XML standard, the Continuity of Care Standard, CCR, and an early contributor to the Direct Protocol. Dr. Kibbe has published on a range of subjects, including quality management in family medicine, EMR adoption and use, and healthcare policy. He is an avid sailor and lives in Oriental, NC, the "sailing capital of North Carolina.

Jodi Daniel is a partner in Crowell & Moring’s Washington, D.C. office and a member of the firm’s Health Care Group. She leads the Digital Health Practice and provides strategic advice to clients navigating the legal and regulatory environments related to technology in the health care sector to help them achieve their business goals. Jodi was the founding director of the Office of Policy in the Office of the National Coordinator for Health Information Technology (ONC), U.S. Department of Health and Human Services (HHS) for a decade after serving in the Office of the General Counsel at HHS for five years. At HHS, Jodi helped spearhead important changes in health information privacy and health information technology to improve health care for consumers nationwide. She was also one of the key drafters of the original Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules and Enforcement Rules.

Tina Grande is Senior Vice President for Policy for the Healthcare Leadership Council (HLC), a coalition of chief executives of the nation’s leading healthcare companies and organizations. HLC advocates for consumer-centered health reform, emphasizing the value of private sector innovation. It is the only health policy advocacy organization representing all sectors of the health care industry. Ms. Grande oversees all policy-related matters pertaining to delivery systems, payment reform, health information technology, patient safety, and healthcare quality. She is Chair of the Confidentiality Coalition, the leading health privacy coalition bringing together all sectors of the healthcare industry to ensure that federal policymakers find the right balance between the protection of health information and the efficient and interoperable systems needed to provide high quality care.

NANCY L. PERKINS, of Arnold & Porter LLP, advises clients on federal, state, and global data privacy law, particularly HIPAA and the HITECH Act. Nancy also assists clients on data security issues raised by mobile applications and other emerging technologies, and in responding to data security breaches. A graduate of Harvard Law School and Harvard’s Kennedy School of Government, Ms. Perkins is the author of numerous articles on data privacy and security, is an Adviser on the American Law Institute’s forthcoming Restatement of Information Privacy Principles, and has been ranked for Privacy & Data Security by Chambers USA since 2009.

Katherine Downing is the Senior Director IG Advisors at the American Health Information Management Association in Chicago focused on Information Governance, Privacy, Security and the Electronic Health Record. Kathy has over 20 years of experience in healthcare as a Privacy Officer, Project manager, HIM Director and IT analyst. As a Director of Patient Health Information Protection at a hospital systems’ corporate office she led the creation of the Privacy Program for over 300 hospitals, surgery centers, and physician practices including training over 1000 privacy officers. She has expertise in Electronic Health Records and has worked with numerous sites during implementations.

Ms. Downing is an established speaker on diverse healthcare topics and an active author on information governance, security, privacy and legal health records. She is also an adjunct faculty member for the University of Cincinnati.

C.J. Wolf, MD, M.Ed. has been involved in healthcare for over 20 years beginning with his years in medical school. Shortly after graduating and beginning a residency, Dr. Wolf made a career change to healthcare administration, reimbursement and compliance. He has worked in various coding, reimbursement or Chief Compliance Officer roles for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System and Merit Medical Systems. He currently is Sr. Compliance Executive at Healthicity.

Dr. Wolf has a passion for teaching and education. He has developed and taught curricula for adult employees seeking national coding certifications, trade workshops and seminars, and has served as adjunct faculty for Salt Lake Community College and currently is Faculty at Brigham Young University-Idaho. In addition to his medical degree from the University of Illinois at Chicago College of Medicine, Dr. Wolf holds a master of education (M.Ed.) from the University of Texas at Brownsville. He completed his B.S., magna cum laude, from Brigham Young University, Provo, UT.

He holds the following professional certifications:

• AAPC (American Academy of Professional Coders): CPC (Certified Professional Coder), COC (Certified Outpatient Coder)
  
• HCCA (Health Care Compliance Association): CHC (Certified in Healthcare Compliance)
  
• SCCE (Society of Corporate Compliance and Ethics): CCEP (Certified Compliance & Ethics Professional)
  
• IIA (Institute of Internal Auditors): CIA (Certified Internal Auditor)