THE AMERICAN LAW INSTITUTE
Continuing Legal Education

Mobile Technology, Health Care, and Data Security: Minimizing the Risks and Leveraging the Benefits
June 26, 2014
Telephone Seminar/Audio Webcast

Mobile Technology, Health Care, and Data Security: Minimizing the Risks and Leveraging the Benefits - Power Point

By
Mark Greisiger, NetDiligence, Gladwyne, Pennsylvania
Dominic A. Paluzzi, McDonald Hopkins PLC, Bloomfield Hills, Michigan
Vinny Sakore, Verizon HIPAA Security Office & ICSA Labs, Mechanicsburg, Pennsylvania
Alex Ricardo, Beazley Group, New York, New York
What we are NOT doing today
Providing Legal Advice
Informational Purposes Only
You should consult with Privacy Counsel for any decisions surrounding your Incident Response Plan or Data Breach Response Methodology
Mark Greisiger
Mark Greisiger leads NetDiligence, a Cyber Risk Management company. For 13+ years NetDiligence has been offering unique cyber risk assessment services to organizations of all sectors. Their service supports the data risk management & compliance needs of many businesses. NetDiligence supports the loss control needs of many US and UK insurers that offer cyber liability coverage. Mr. Greisiger is also a frequently published contributor for various insurance & risk management publications on similar topics.

Dominic A. Paluzzi
Dominic regularly advises clients regarding data privacy and cybersecurity measures, drafting of written information security programs and incident response plans, and responding to data security breaches involving sensitive personal information and protected health information. When a data breach occurs, Dominic acts as a breach coach, ensuring a client's compliance and minimizing their exposure. He also works with federal, state and local authorities, as well as third party vendors, throughout the breach notification process. Moreover, Dominic litigates matters involving data security and data privacy, including defending single plaintiff and class action litigation. His work in this area covers a myriad of industries, including education, healthcare, hospitality, retail, automotive, accounting, finance, information technology, staffing services, manufacturing, professional employer organizations, fleet services, franchising, drug and pharmacy, and insurance. Dominic is a frequent speaker and writer in data privacy law and regularly conducts Incident Response Workshops for clients and their data breach risk management teams. If you suspect that your business has suffered a data breach, call our Hotline: 855-MH-DATA1 (855-643-2821).
Alex Ricardo
Alex Ricardo joined Beazley in April 2011 and is based in Beazley's New York City office. He is responsible for assuring BBR insureds take full advantage of the professional services made available to them to reduce their risk & liability profile prior to or in the event of a privacy breach incident. Alex graduated from the Stevens Institute of Technology with a Bachelor of Engineering degree. He has been in the privacy sector for fifteen years and is a Certified Information Privacy Professional (CIPP/US).

Vinny Sakore
Vinny Sakore, former CTO of Opti-Script & MT Audit, has twenty years of Healthcare IT experience. At Verizon he is a senior member of the HIPAA Security Office and leads the Cloud Security program at ICSA Labs. Prior to joining Verizon he was Immersion's Vice President of Business Development and assisted clients in managing incident response for data breaches. ICSA Labs is an independent division of Verizon that provides security testing and certification services. At ICSA Labs he provides leadership support for the Healthcare IT testing programs and the Mobile Security program. Vinny is an active member of HIMSS, serving on two of the national privacy and security workgroups, and recently completed a three year term as an officer and member of the board of directors for the Central Pa HIMSS chapter. He frequently speaks on numerous cyber security topics including breach response, cloud security, mobile security and HIPAA Security. In 2014 he will be speaking at both the HIMSS14 and RIMS14 national events along with a number of regional conferences including NetDiligence's Cyber Risk and Privacy Forums. Vinny is a graduate of Penn State University and is credentialed in privacy through IAPP.
What We Will Cover Today & Who Will Cover It
1. quantifying risk and exposure: litigation exposure, potential costs, and statistics regarding breach frequency (Alex)
2. mobile health technology today and how EPHI is compromised (Vinny)
3. mobile security: BYOD and mobile app (Vinny)
4. cloud security: vendor management, due diligence, DDOS attacks (Vinny/Mark)
5. HIPAA Omnibus Final Rule's impact on breach standards, risk assessment, business associates and covered entities, as well as recent OCR resolution agreements (Dominic)
6. OCR's security guidance on mobile devices and remote access (Vinny)
7. other Legal Standards: HIPAA, HITECH, And The FTC (Dominic)
8. state standards and new initiatives broadening the definition of personally identifiable information to include medical information (Dominic)
9. unique issues for self-insured entities related to their employees (Alex)
10. what you need to know about health information exchanges (Alex, along with the entire panel)
11. practical compliance and risk management strategies for mobile applications (Vinny, Mark)
12. cyber claims and loss trends impacting the healthcare sector (Mark, Alex)

Quantifying Risk And Exposure: Litigation Exposure, Potential Costs, And Statistics Regarding Breach Frequency
By Alex Ricardo