Thursday, Oct. 22, 2015
Registration & Breakfast
Health & Human Services:
Office of Civil Rights Update
9 a.m. – 10 a.m.
HHS OCR has seen significant change and a great deal of activity since the HIPAA Omnibus Final Rule came into effect. This year, pre-audit screening surveys were sent out to 350 covered entities and 50 business associates as part of Phase 2 of the HIPAA Audit Program. This session will provide an update on recent activity and what’s on the horizon, and will explain impacts to Covered Entities, Business Associates and other stakeholders.
Barbara Holland, Office of Civil Rights, U.S. Department of Health & Human Services
Big Data & Population Health:
Security & Privacy Challenges & Solutions
10 a.m. – 11 a.m.
Big data and population health are critical to the success of the “Federal Health IT Strategic Plan 2015-2020,” and yet, there are major security and privacy challenges that are only beginning to be addressed. This panel will consider how big data is being used and some of the key security and privacy implications for population health as well as some of the solutions that address them.
Dave Snyder, Chief Information Security Leader, Director of Information Security & Risk Management Offices, Independence Blue Cross
Jay Orler, Vice President, Infrastructure & Security, Lightbeam Health Solutions
Pamela Clarke, Director, Member Services & Policy, HealthShare Exchange of Southeastern Pennsylvania
Coffee / Tea Break
11 a.m. – 11:15 a.m.
Law Enforcement Update:
Cybercrime & Healthcare
11:15 – Noon
Ten months before Anthem disclosed it was breached, the FBI warned the healthcare industry that they were under heightened risk of being the target of cyber attacks. This update from law enforcement will cover the most important past and current cybercrime activity from the law enforcement perspective.
Ben Stone, Supervisory Special Agent, Federal Bureau of Investigation
Noon – 1 p.m.
Mobile Health, Apps & HIT Innovation:
Security & Privacy by Design
1 p.m. – 2 p.m.
With $7B invested in healthcare IT ventures last year, innovation in mobile health, healthcare apps & healthcare IT is burgeoning. Too often data security and privacy is an afterthought, as the FDA’s Safety Communication concerning cybersecurity vulnerabilities in the Symbiq Infusion System illustrates. Speakers will discuss how they are innovating & protecting data at the same time. These are models for innovation & product development that every investor should insist upon.
Lisa Clark, Partner, Duane Morris, moderator
Winston Krone, Managing Director, Kivu Consulting
Dr. Tama Copeman, Founder & CED, Alcyone*7
Adrian Talapan, Co-Founder & CEO, Haystack Informatics, a CHOP & DreamIt Ventures Company
Nikhil Thakur, Regulatory Policy Advisor, Food & Drug Administration
Joshua Budman, Founder & CEO, Tissue Analytics
Security & Privacy Controls:
Implementation in the Real World
2 p.m. – 3 p.m.
On paper, security plans can be compelling, but the reality of constrained resources and the “human factor” makes implementing and maintaining the required controls a challenge. This is especially true when you factor in company culture, human resource policy, training and issues of employment law. This panel discusses real world solutions that bridge the gap between security and privacy plans and how they are implemented in the real world.
Noelle Conners, Hospital Compliance Officer, St. Christopher’s Hospital for Children
Mark Eggleston, Health Partners Plans
Colin Morgan, Global Information Security Manager & Information Officer, Johnson & Johnson
Sandra A. Jeskie, partner, Duane Morris – moderator
Tea / Coffee Break
3 p.m. – 3:15 p.m.
CIOs & Healthcare Cyber Risk Management:
Another New Cyber Liability Insurance Frontier
3:15 – 4 p.m.
“CIOs generally should expect to be sued in increasing numbers over cybersecurity issues,” says an attorney quoted in a recent Wall Street Journal article. How do cyber liability insurance solutions respond? Do they fill in for D&O exclusions? This panel discussion between insurance carriers, attorneys and brokers will discuss these and other important new questions healthcare organizations and their CIO’s should be asking.
Josh Ladeau, Allied World Assurance Company
Neeraj Sahni, Willis FINEX N.A.
Live Tabletop Exercise:
Healthcare Data Security Incident Response
This final panel of the day will step through an Incident Response Tabletop Exercise, based on a healthcare data security / privacy incident scenario. The interactive exercise will engage the audience in the process and challenge the panel members as they run through the decision-making process as a security / privacy incident unfolds. Attendees will have the chance to ask questions as participants make decisions based on imperfect information and identify areas of concern for organizations dealing with protected healthcare information.
Winston Krone, Kivu Consulting
Jamie L. Sheller, NetDiligence
Mark Eggleston, Health Partners Plans
Dave Snyder, Independence Blue Cross
Josh Ladeau, Allied World Assurance
Meet the Faculty & Sponsors
5:01 p.m. – 6:30 p.m.