Agenda – Precon/Day 1
PRECONFERENCE: CERTIFIED CYBER SECURITY ARCHITECT (CCSA℠) PROFESSIONAL CERTIFICATION TRAINING
8:00 a.m.
Introduction and Overview
Uday O. Ali Pabrai, MSEE, CISSP
Chief Executive Officer and Co-founder, ecfirst (Home of HIPAA Academy), Irvine, CA
Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security +, CCSFP, is the CEO of ecfirst. A highly sought-after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudi Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.
8:30 a.m.
Security Incident Management
9:00 a.m.
Vulnerability Assessment & Pen Tests
9:45 a.m.
Cyber Security Policies
10:00 a.m.
Break
10:30 a.m.
Establishing a Cyber Security Program
11:00 a.m.
Faculty Q&A
11:30 a.m.
CCSA℠ Exam
12:00 p.m.
Adjournment; Lunch on Your Own
AGENDA: DAY 1
WEDNESDAY, MARCH 29, 2017
1:00 p.m.
Introduction and Overview of the Health Care Privacy and Security Landscape
Adam Greene, JD, MPH
Partner, Davis Wright Tremaine; Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Co-chair)
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with health information privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process.
Adam is the Chair of the HIMSS Cloud Security Workgroup, co-founder of the Health Care Cloud Coalition, was named one of 2015’s top ten influencers in health information security by HealthCareInfoSecurity.com, and is a frequent speaker and author on health information privacy and security issues.
1:15 p.m.
OCR Policy and Implementation Update
Deven McGraw, Esq.
Deputy Director of Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services; Former Director, Health Privacy Project, Center for Democracy & Technology; Former Chief Operating Officer, National Partnership for Women & Families, Washington, DC
Deven McGraw is the Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR) and is the Acting Chief Privacy Officer for the HHS Office of the National Coordinator for Health IT (ONC). She is an expert on HIPAA Rules and brings a wealth of experience in both the private sector and the non-profit advocacy world.
Prior to joining HHS, she was a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP. She previously served as the Director of the Health Privacy Project at the Center for Democracy & Technology, which is a leading consumer voice on health privacy and security policy issues, and as the Chief Operating Officer at the National Partnership for Women & Families, where she provided strategic leadership and substantive policy expertise for the Partnership’s health policy agenda.
Iliana L. Peters, JD, LLM
Senior Advisor for HIPAA Compliance and Enforcement, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
2:45 p.m.
FTC Privacy Enforcement Update
Cora Han, Esq.
Senior Attorney, Division of Privacy and Identity Protection, Federal Trade Commission, Washington, DC
Cora Han is a senior attorney in the Federal Trade Commission’s Division of Privacy and Identity Protection where she investigates and prosecutes violations of federal laws protecting the privacy and security of consumer information, and works on related policy matters. She has played a leading role working on health privacy matters for the FTC, including organizing the FTC’s seminar on Consumer Generated and Controlled Health Data, and moderating the discussion on connected health at the FTC’s workshop on the Internet of Things. In addition, Cora was one of the principal authors of the FTC’s Health Breach Notification Rule.
3:15 p.m.
Break
3:45 p.m.
Navigating the HIPAA Enforcement Landscape under the Trump Administration
Kirk J. Nahra, Esq.
Partner, Wiley Rein LLP; Editor, The Privacy Advisor, International Association of Privacy Professionals; Editorial Board, BNA Privacy & Security Law Report, Washington, DC
Kirk J. Nahra is a partner with Wiley Rein LLP in Washington, D.C., where he represents companies in a broad range of industries in connection with privacy and data security laws and regulations across the United States and globally. He is chair of the firm’s Privacy Practice and co-chair of its Health Care Practice.
He is a nationally recognized expert on privacy and data security laws related to the health care and insurance industries. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. He provides advice on data breaches, enforcement actions, contract negotiations, business strategy, research and de-identification issues and privacy, data security and cybersecurity compliance. He advises companies in virtually all industries, ranging from Fortune 500 companies to start-ups.
A long-time member of the Board of Directors of the International Association of Privacy Professionals, he also has served as the editor of Privacy Advisor, the monthly newsletter of the International Association of Privacy Professionals. He is a Certified Information Privacy Professional and serves on the Advisory Board for the Health Law Reporter, the Privacy and Security Law Report and the Health Care Fraud Report.
He can be reached at 202.719-7335 or knahra@wileyrein.com. Follow him on Twitter @kirkjnahrawork.
4:15 p.m.
Preparing for and Responding to an OCR HIPAA Audit
Janelle Burns, JD, CHPS
President, Burns Consulting, Inc.; Former Corporate Privacy and Security Officer, Baptist Memorial Health Care Corporation, Memphis, TN
Janelle Burns is currently in the private practice of law and provides HIPAA consulting services. Previously, Ms. Burns served as the Corporate Privacy & Security Officer for Baptist Memorial Health Care Corporation in Memphis, Tennessee, where she oversaw compliance with patient privacy laws for fourteen hospitals and approximately 150 physician practices located in Tennessee, Mississippi, and Arkansas. Ms. Burns began her career with Baptist in January 2002. Ms. Burns received her Doctor of Jurisprudence and a Certificate in Health Law from the University of Tulsa College of Law in 1999.
April Carlson, MBA
Privacy Officer, Mayo Clinic, Rochester, MN
April Carlson is the Privacy Officer for Mayo Clinic and is responsible for oversight of a privacy program for 64,000 employees, physicians, scientists, and students. Mayo Clinic has locations in several states including Arizona, Florida, Iowa, Minnesota, and Wisconsin. April is a Certified Fraud Examiner, a HealthCare Information Security and Privacy Practitioner, and was certified as an Accredited Health Care Fraud Investigator, Professional Coder, and Pharmacy Technician. April has a Master of Business Administration degree from Augsburg College and has over 15 years of experience investigating privacy and compliance violations, identity theft, financial fraud, health care fraud, and drug diversion.
5:00 p.m.
Privacy Rule Audit for Smaller Clinics and Facilities
Thomas Wood
Associate HIPAA Privacy Rule Officer, County of Los Angeles, Los Angeles, CA
For approximately two years, Thomas Wood has assisted Los Angeles County’s Chief HIPAA Privacy Officer in the implementation and oversight of the Countywide HIPAA program, providing consultation to departmental staff, drafting policies and procedures, and conducting regular audits and facility evaluations. Prior to that, Thomas spent eight years conducting criminal and administrative investigations of fraud and misconduct involving various County employees and contractors.
5:30 p.m.
Healthcare Chief Privacy Officers Best Practices Roundtable
Rafe Schoenfeld, CIPP/US
Executive Director and U.S. Corporate & Investment Bank Privacy Officer, J.P. Morgan, New York, NY
Rafe Schoenfeld is executive director at JPMorgan Chase, where he is the privacy officer for the firm’s Corporate & Investment Bank. Rafe has more than 25 years of experience in the financial services industry, including 6 years in privacy compliance. In his current role, he manages the privacy program for JPMorgan’s institutional banking and broker-dealer activities, including HIPAA compliance and data breach incident response.
Rafe has a BA from the University of Rochester and is a certified information privacy professional.
Judith D. Thompson, Esq.
Deputy City Attorney, Los Angeles City Attorney’s Office, Los Angeles, CA
Ms. Thompson is currently a Deputy City Attorney in the General Counsel Division of the Los Angeles City Attorney’s Office and serves as the office expert on the Health Insurance Portability and Accountability Act (“HIPAA”). With nearly 29 years of experience as a transactional, litigation and advice attorney, Ms. Thompson has tried numerous jury trials in both the Criminal and Municipal Branches of the office, handling all aspects of litigation before trial and appellate courts in the State of California including the California Supreme Court (Schifando v. City of Los Angeles).
During her tenure in the office, Ms. Thompson spent 19 years in the Labor Relations Division litigating and advising in the areas of employment (race, sex and disability) discrimination and harassment, resolution of grievances with numerous labor unions, drafting policy & procedure manuals and negotiating job classification studies. This experience with workforce duties for a municipal client as expansive as the City of Los Angeles proved to be an important tool in what would later be her role for nearly the last 10 years as the office expert for the HIPAA.
Recently, Ms. Thompson drafted an “Organized Health Care Arrangement” [“OCHA”] MOU between the Los Angeles Fire Department and the Los Angeles County Health Agency to facilitate the HIPAA-compliant data sharing of information to promote the continuity of care for residents of the City of Los Angeles.
Yvonne Wolters
Privacy Official, Cleveland Clinic; Former Privacy and Security Officer, Kaiser Permanente, Cleveland, OH
Yvonne Wolters is the Privacy Official for Cleveland Clinic and as such she has oversight of the Privacy Program for the health system. She has over 10 years’ experience in health care privacy compliance for both provider and health plan covered entities. Prior to joining Cleveland Clinic, Yvonne was the Privacy & Information Security Officer for Kaiser Permanente in Ohio. Yvonne has a Paralegal Certification, a Bachelor’s Degree in Legal Studies, and is Certified in Healthcare Privacy Compliance. Yvonne lives in Cleveland, Ohio.
Adam Greene, JD, MPH
Partner, Davis Wright Tremaine; Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Moderator)
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with health information privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process.
Adam is the Chair of the HIMSS Cloud Security Workgroup, co-founder of the Health Care Cloud Coalition, was named one of 2015’s top ten influencers in health information security by HealthCareInfoSecurity.com, and is a frequent speaker and author on health information privacy and security issues.