Event Overview
Currently, questions of health information security and medical privacy are of utmost importance in the United States. Hardly a day goes by that we do not see a featured article or publication about some aspect of medical privacy, or a story about a security breach.
High-quality health care requires individuals to share sensitive personal information with their doctors and other healthcare professionals. This information is necessary to make the most accurate diagnoses and provide the best treatment. It may be shared with others, such as insurance companies, pharmacies, researchers, and employers, for many reasons. If patients are not confident that this information will be kept confidential, they will not be forthright and reveal accurate and complete information. If healthcare providers are not confident that the organization that is responsible for the healthcare record will keep it confidential, they will limit what patients add to the record. Either of these actions is likely to result in inferior healthcare. The privacy and security of personal health information has become a major public concern.
Program
9AM-10AM CST: Securing Health Information in the Cloud
Abstract: As more organizations consider a shift in their data storage methods, this session will identify concerns as well as opportunities to improve the security and privacy of health information in the "cloud". Our presenter will offer a prescriptive approach for new audit and compliance processes. This session will also discuss how security products and services to aid cloud computing are changing rapidly.
Learning Objectives:
- Describe the advantages of Cloud computing for Health Providers
- Point out the major concerns of securing health information in the cloud
- Recognize the key steps to overcoming health information security and privacy issues in the cloud
- Define a suitable audit and compliance process to ensure security and privacy in the cloud
10:30AM-11:30AM CST: Risks Associated with Medical Devices and Mobile Medical Devices
Abstract: As mobile devices become more common in clinical settings, security risks, including patient safety issues and delivery of medical information to caregivers, need to be understood and evaluated. In addition to discussing the current threats and risks associated with mobile devices, this session will review the ECRI Institute’s Top 10 Hazards in Healthcare for 2012 as well as the Manufacturers Disclosure Statement for Medical Device Security (MDS2).
Learning Objectives:
- Define mobile devices, especially mobile medical devices
- Describe the risks associated with personally-owned mobile devices such as smartphones and iPads used in the clinical setting for delivery of patient care
- Review the findings from the ECRI Institute Top 10 Hazards in Healthcare for 2012
12 Noon-1PM CST: HIPAA and HITECH in the Real World
Provided by Kroll Fraud Solutions
Abstract: The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, OCR is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance over the period of November 2011 through December 2012. Kroll presents three experts in the fields of policy interpretation, practical application, and privacy and security who will share lessons learned and pitfalls to avoid in the quest for successful implementation and preparation for audit.
Learning Objectives:
- Discuss where to focus attention
- Explore what does and does not work
- Define what to do when it goes wrong
1:30PM-2:30PM CST: Dynamic Conversations about Privacy and Security in Health Information Exchange
Abstract: As states, through the state HIE program, and more communities are implementing Health Information Exchange, each of these communities must engage in a dialog about the privacy and security policies and procedures they will be implementing to ensure confidence from their patients and providers that information is secure and protected. This interactive session, which provides three different perspectives on the topic, discusses the conversation that occurs not only before implementing HIE, but also once it is up and running. Topics covered include aspects of Privacy and Security covered in typical HIE agreements, policy around privacy and protections and how that is being considered from both a federal and local level, and finally technical solutions for enacting policies.
Learning Objectives:
- Explore the concept that Privacy & Security policy surrounding HIE is a process, not a destination
- Discuss policy issues and how they are being addressed at different levels
- Review how technology supports the implementation of Privacy and Security policy
Speakers:

Deven McGraw
Director, Health Privacy Project
Center for Democracy & Technology

Irene Koch
Executive Director
Brooklyn Health Information Exchange (BHIX)

Dr. Iain C. Sanderson, BM, BCh, MSc
Chief Medical Information Officer for the Center for Health Quality (CHQ)
Director of the South Carolina Clinical and Translational Research Institute's (SCTR) Biomedical Informatics Program

3PM-4PM CST: Best Practices in Identity Management
Abstract: This presentation will provide executive decision makers in a provider setting methods to identify best practices in building a successful program of patient identity management. Issues addressed will range from executive sponsorship, budget, management, and staffing, including tools and methods for measuring performance. Two patient identity management case studies will be presented: one in a single hospital organization and the other dealing with integrating a complex health system.
Learning Objectives:
- Identify specific characteristics of successful identity management programs
- Provide understanding of issues including barriers and bridges to effective identity integrity
- Describe best practices and tools to build a sound program to ensure patient identity integrity

Lorraine Fernandes, RHIA
Global HC Industry Ambassador
IBM Information Management
Lorraine Fernandes joined IBM through the recent acquisition of Initiate Systems, Inc. (Initiate) in March 2010. Ms. Fernandes is a recognized leader in the healthcare IT industry. A prolific published author, she has written numerous articles on the impact of using health information technology for the improvement of individual and population health. Lorraine has in-depth knowledge and frequently speaks on topics of data exchange, data quality and patient identification related to patient safety, electronic health records and customer satisfaction. During her 12-year tenure with Initiate, Lorraine served as vice president and healthcare ambassador to its global strategic clients. Now, her role will expand to address IBM Information Management Solutions for healthcare as she continues to be the principal liaison with US and international professional and industry agencies and IBM clients. Lorraine is a recipient of the AHIMA Discovery Award and CHIA Distinguished Member Award.
Feisal Nanji
Executive Director
Techumen, LLC
Mr. Nanji is the Executive Director at Techumen. He has extensive experience in developing and creating security programs for health, financial services, and core infrastructure clients. Overall, Feisal has over 20 years of experience in technology strategy and information security. Feisal was with Ernst & Young from 2003 – 2008. At Ernst & Young, Feisal led the National Application Security service line. While there, Feisal led a team to analyze and help remediate application and network security weaknesses for a Health Provider with an installed base of three million Electronic Health Records (EHR). This is perhaps the largest private (non-governmental) installation of an EHR system in America. Feisal holds degrees from Harvard University and the University of Notre Dame. He has held the accreditation of Certified Information Security Systems Professional (CISSP) since 2003.
Deven McGraw
Director, Health Privacy Project
Center for Democracy & Technology
Deven McGraw is the Director of the Health Privacy Project at the Center for Democracy & Technology (CDT), http://www.cdt.org/issue/health-privacy, where she promotes policies that protect individual privacy as personal health information is shared electronically. Ms. McGraw was appointed by HHS Secretary Kathleen Sebelius to serve on the federal Health Information Technology (HIT) Policy Committee, and she chairs its Privacy and Security Workgroup (called the “Tiger Team”). She is a member of the Markle Foundation’s Connecting for Health Steering Group and the eHealth Initiative’s Leadership Council. She received her JD magna cum laude from the Georgetown University Law Center and received her Master of Public Health from Johns Hopkins University.
Irene Koch
Executive Director
Brooklyn Health Information Exchange (BHIX)
Irene M. Koch is the Executive Director of the Brooklyn Health Information Exchange (BHIX), a regional health information organization in New York City. In that role, which she has held since the formation of BHIX in 2007, she oversees the activities and strategic initiatives of BHIX. Ms. Koch served as Associate General Counsel at Maimonides Medical Center in Brooklyn, from 1996-2006. Previously, she was Assistant Counsel with the New York State Department of Health in the Bureau of Professional Medical Conduct (1994-96) and a litigation associate at Willkie Farr & Gallagher (1989-1994). Ms. Koch earned a J.D. from Fordham University School of Law and a B.A. from Cornell University.
Dr. Iain C. Sanderson, BM, BCh, MSc
Chief Medical Information Officer for the Center for Health Quality (CHQ)
Director of the South Carolina Clinical and Translational Research Institute's (SCTR) Biomedical Informatics Program
Dr. Iain C. Sanderson, BM, BCh, MSc, is the Chief Medical Information Officer for the Center for Health Quality (CHQ), and the Director of the South Carolina Clinical and Translational Research Institute’s (SCTR) Biomedical Informatics Program. CHQ is one of several funded SC Centers of Economic Excellence affiliated with Health Sciences South Carolina (HSSC). Sanderson's primary role is to oversee the development of the clinical informatics infrastructure for HSSC and to lead a program providing informatics services to support research through MUSC’s Clinical and Translational Science Award. Among the ongoing projects are a Clinical Data Warehouse, an Enterprise Master Patient Index, an electronic IRB application, a researcher portal, a Clinical Trials Management System and various tools and websites to support the research enterprise.
Tom Walsh, CISSP
Tom Walsh Consulting, LLC
Tom Walsh, CISSP, is president of Tom Walsh Consulting, an Overland Park, Kan.-based firm that advises healthcare organizations on risk management strategies. He has conducted numerous courses on HIPAA compliance. Walsh serves as information security officer at San Antonio Community Hospital on an outsourced basis. He is one of the authors of a new book, “Information Security in Healthcare: Managing Risk,” published by the Healthcare Information and Management Systems Society.
Dennis M. Seymour, CISSP, PMP
Chief Security Architect
Ellumen, Inc.
Dennis Seymour has over 15 years of healthcare-specific security experience, including 12 years of experience at the enterprise level for the Department of Veterans Affairs, Veterans Health Administration, including positions of Technical Security Advisor, Information Security Officer, and responsibilities of policy development, system controls assessment and certification, and medical device security policy development and compliance with HIPAA, NIST, FISMA, and other requirements. Dennis served as a member of the Health Information Management & Systems Society (HIMSS) Privacy and Security Steering Committee from 2003 to 2005 and 2011 to 2013, the HIMSS Medical Device Security Task Force since 2004 including over 3 years as Chair or Co-Chair, and URAC Accreditation Committee for HIPAA Privacy & Security from 2003 to 2006. Dennis holds certifications as a Certified Information Systems Security Professional (CISSP) and Program Management Professional (PMP), and has managed projects for the Department of Veterans Affairs funded in excess of $16M annually and $36M over the course of the contract.
Jason Straight, Esq.
Managing Director, Cyber Security & Information Assurance
Kroll Fraud Solutions
As a managing director, Jason Straight provides expert knowledge and outstanding service to attorneys, IT professionals, compliance officers and risk management personnel in the areas of electronic discovery, computer forensics, information security, and investigation support. Straight has also held positions including legal consultant and regional manager at Kroll and has been involved in or overseen dozens of complex engagements concerning alleged securities fraud, intellectual property theft, federal antitrust investigations, white-collar crime, network intrusion incidents, loss of sensitive personal information, and all manner of internal corporate investigations.
Mark Gianturco, PhD
Chief Information Officer
DSH Mgmt Solutions
Mark D. Gianturco is a nationally recognized technologist with over 25 years of industry experience in multiple disciplines, including technology management, software development, design, systems architecture and information technology. He holds a BS in Computer Science from the College of William and Mary, as well as a Masters in Information Systems and a PhD in Information Technology from George Mason University. He is a senior member in key technology groups, including the ACM, IEEE and Washington CTO Roundtable, and has earned professional accreditations in management and technology, including the PMP and MCSD certifications.
Grant Peterson, JD
HIPAA Privacy & Security Consultant
HIPAA Analytics
Grant Peterson, J.D., leads the HIPAA Analytics consulting team. A skilled subject matter expert in HIPAA privacy and security, Grant has more than 10 years of experience as Chief Compliance Officer and consultant providing strategic compliance planning, compliance program audit and healthcare compliance implementations.
Nancy Farrington, CHAM, MBA
NAHAM Policy Development / Government Relations Committee
EMPI Administrator - Main Line Health System
Born in NYC, Nancy’s healthcare career spans several decades with responsibilities including the dietary department of Lenox Hill Hospital, the Coagulation Lab & Medical Records Department at University of Michigan Hospital, the Director of Patient Access Services at Bryn Mawr Hospital and the EMPI Administrator for Main Line Health in suburban Philadelphia. She is a graduate of Herbert H Lehman College of the City University of NY with an MBA in Healthcare Administration from St Joseph University in Philadelphia. Ms Farrington has been active in both local and national professional organizations. She is past-president of the National Association of Healthcare Access Management