4A Healthcare Data Security & Privacy

Transcription

1 4A Healthcare Data Security & Privacy Symposium 2015 Banner Program Leaders Ben Goodman Developed in collaboration with Lisa Clark Conference Mission Health and medical regulators are promising audits and tougher enforcement while law enforcement warns that health data is under attack. Meanwhile, there is no shortage of solutions promising to protect data and prevent breaches, but not enough resources or even time in the day to review all the options. Of course, cyber security is not just an IT problem. It is a risk management problem that requires an interdisciplinary team approach. And that s what inspired the mission for this event. Ben Goodman, 4A Security & Compliance V11

2 Chairs & Speakers Ben Goodman Lisa W. Clark CEO 4A Security & Compliance Partner, Head of Firm s mhealth Interdisciplinary Group Duane Morris LLP Samantha Billy Pamela E. Clarke Senior Professional Risk Broker Aon Risk Solutions Dir. Member Services & Policy HealthShare Exchange of Southeastern Pennsylvania Noelle P. Conners Patricia Q. Connolly Hospital Compliance Officer St. Christopher s Hospital for Children Dr. Tama Copeman Founder & CEO Alcyone*7 Alcyone*7 John M. Neclerio Partner Duane Morris LLP Executive Director Center for Corporate Governance Drexel University LeBow College of Barbara Holland Regional Manager Office for Civil Rights U.S. Department of Health & Human Services Winston Krone Managing Director KIVU Consulting Inc.

3 Speakers J. Mark Eggleston Josh Ladeau Vice President, CISO & Privacy Officer Health Partners Plans Practice Lead Privacy & Network Security Allied World Assurance Co. Colin Morgan Global Information Security Manager & Information Security Officer Johnson & Johnson Jay Orler Vice President Infrastructure & Security Lightbeam Health Solutions Dave Snyder Chief Information Security Leader, Director of Information Security & Risk Management Offices Independence Blue Cross Jaime L. Sheller Product Manager for the Breach Coach Cyber Portal & Privacy Ethics Consultant NetDiligence Ben Stone Adrian Talapan Supervisory Special Agent Federal Bureau of Investigation Haystack Informatics Co-Founder and CEO A CHOP & DreamIt Ventures Company Nikhil Thakur Steve Alderfer Regulatory Policy Advisor Food & Drug Administration Director, IT Security Audit 4A Security

4 Agenda Time Topic Speakers 07:30 Registration & Breakfast 08:45 Opening Remarks Ben Goodman 4A Security & Compliance 09:00 10:00 Health & Human Services: Office of Civil Rights Update HHS OCR has seen significant change and a great deal of activity since the HIPAA Omnibus Final Rule came into effect. This year, pre-audit screening surveys were sent out to 350 covered entities and 50 business associates as part of Phase 2 of the HIPAA Audit Program. This session will provide an update on recent activity and what s on the horizon, and will explain impacts to Covered Entities, Business Associates and other stakeholders. n their value? Big Data & Population Health: Security & Privacy Challenges & Solutions Big data and population health are critical to the success of the Federal Health IT Strategic Plan , and yet, there are major security and privacy challenges that are only beginning to be addressed. This panel will consider how big data is being used and some of the key security and privacy implications for population health as well as some of the solutions that address them. than their value? Barbara Holland Office of Civil Rights U.S. Department of Health & Human Services Lisa Clark, moderator Duane Morris Dave Snyder Independence Blue Cross Jay Orler Lightbeam Health Solutions Pamela Clarke HealthShare Exchange of Southeastern Pennsylvania HHS Office of National Coordinator for Health Information - Pending confirmation 11:00 Break 11:15 12:00 Law Enforcement Update: Cybercrime & Healthcare Ten months before Anthem disclosed it was breached, the FBI warned the healthcare industry that they were under heightened risk of being the target of cyber attacks. This update from law enforcement will cover the most important past and current cybercrime activity from the law enforcement perspective. Lunch Ben Stone Federal Bureau of Investigation

5 Agenda Time Topic Speakers 01:00 Mobile Health, Apps & HIT Innovation: Security & Privacy by Design With $7B invested in healthcare IT ventures last year, innovation in mobile health, healthcare apps & healthcare IT is burgeoning. Too often data security and privacy is an afterthought, as the FDA s Safety Communication concerning cybersecurity vulnerabilities in the Symbiq Infusion System illustrates. Speakers will discuss how they are innovating & protecting data at the same time. These are models for innovation & product development that every investor should insist upon. Winston Krone Kivu Consulting Dr. Tama Copeman Alcyone*7 Adrian Talapan Haystack Informatics Nikhil Thakur Food & Drug Administration 02:00 Security & Privacy Controls: Implementation in the Real World On paper, security plans can be compelling, but the reality of constrained resources and the human factor makes implementing and maintaining the required controls a challenge. This is especially true when you factor in company culture, human resource policy, training and issues of employment law. This panel discusses real world solutions that bridge the gap between security and privacy plans and how they are implemented in the real world. Ben Goodman, moderator 4A Security Noelle Conners St. Christopher s Hospital for Children Mark Eggleston Health Partners Plans Colin Morgan Johnson & Johnson Steve Alderfer 4A Security 03:00 Break 03:15 CIOs & Healthcare Cyber Risk Management: Another New Cyber Liability Insurance Frontier CIOs generally should expect to be sued in increasing numbers over cybersecurity issues, says an attorney quoted in a recent Wall Street Journal article. How do cyber liability insurance solutions respond? Do they fill in for D&O exclusions? This panel discussion between insurance carriers, attorneys and brokers will discuss these and other important new questions healthcare organizations and their CIO s should be asking. Josh Ladeau Allied World Assurance Company John Neclerio Duane Morris LLP Samantha Billy Aon Risk Solutions

6 Agenda Time Topic Speakers 04:00 Live Tabletop Exercise: Healthcare Data Security Incident Response t This final panel of the day will step through an Incident Response Tabletop Exercise, based on a healthcare data security / privacy incident scenario. The interactive exercise will engage the audience in the process and challenge the panel members as they run through the decision-making process as a security / privacy incident unfolds. Attendees will have the chance to ask questions as participants make decisions based on imperfect information and identify areas of concern for organizations dealing with protected healthcare information. Ben Goodman, moderator 4A Security & Compliance Lisa Clark Duane Morris Winston Krone Kivu Consulting Patricia Connolly LeBow College of Business Jamie L. Sheller NetDiligence Mark Eggleston Health Partners Plans 05:00 Adjourn 05:01 Reception 4A & HB wishes to thank the sponsors and hosts!