Tuesday, September 07, 2010


 

CONTACT US

For Speaker Information:
 

Interwork Media Inc.
Timothy Downs
30211 Banderas, Suite 200
Rancho Santa Margarita, CA 92688
E. tdowns@interworkmedia.com
T. 949-766-6785
 


DAY ONE - OCTOBER 14, 2010
8:00 am
Registration Opens
Continental Breakfast and Networking
 
GENERAL SESSIONS: The Foundations for a Sustainable Information Security Strategy
 
9:00 am
Opening Remarks
Remarks from the Conference Chair, including the state of the HIT industry and how HITECH compliance can be viewed in a comprehensive, sustained strategy for data security.
Mike Ahmadi, HIPAA HITECH Security Specialist, GraniteKey (HISec’10 Conference Chairman)
 
9:15 am
Summary and Review:
HITECH Healthcare Technology
The HITECH guidelines, part of the American Recovery and Reinvestment Act of 2009, established significant incentives for healthcare providers to implement electronic health records systems. In addition, it made important changes to the Health Information Portability and Accountability Act (HIPAA) and conferred new jurisdiction on the Federal Trade Commission related to personal health information when it is held by certain entities that are not covered by HIPAA. This program will explore HITECH Act provisions that involve security and privacy of patient information, and new regulations and amendments to existing rules that were necessitated by HITECH. Attendees will learn about:
  • HITECH Act and issues related to electronic health records
  • Certification standards related to security and privacy
  • Meaningful Use standards related to security and privacy
  • Amendments to the HIPAA Security and Privacy Rules
  • Breach disclosure regulations promulgated by HHS and the FTC
  • The place of the regulations in the healthcare process
    Don M. Blumenthal, DMB Associates
    Michael (Mac) McMillan, Chair, HIMSS Privacy and Security Steering Committee; CEO, CynergisTek Inc.
10:15 am
Assessing The Cyber Threat Situation
This panel of industry leaders provides a realistic assessment of the current threat situation for healthcare providers, covered entities and their business partners. Is the threat today one of impending cyber-intrusion, or should information security be considered solely a topic for compliance?

10:45 am
Networking Break

11:00 am
The New Regulatory Landscape: HIPAA/HITECH and the move toward E-Health

Continuing pronouncements under the ARRA/HITECH Act refine the definitions and the conditions of participation in a world of increased exchange of patient information, electronic health records, and more emphasis on patient safety and pay-for-performance. As a result, there is an ongoing stress on the criticality of strong security and privacy practices to achieve and maintain successful implementation. In an emerging environment of increased enforcement and penalties, this session discusses the salient features of this accelerated move toward electronic healthcare and what healthcare organizations and their business associates need to be doing to safeguard ePHI and realize the full benefit of this evolving landscape.
John Parmagiani, Principal, John Parmagiani & Associates

11:30 am
Security Policies Beyond the Federal Government

Although the HIPAA HITECH amendments require health care providers and organizations to implement security into their practices and systems, the specifics of how this is to be accomplished at the state and/or local level are not established. This session will explore the work and methodology of the California Privacy and Security Advisory Board (CalPSAB) Security Committee, and discuss how they have addressed the requirements of HITECH through their activities.
David Minch, HIPAA/HIE Project Manager, John Muir Health

12:00 pm
Responding to FTC and OCR Inquiries about Security Compliance
Now that security incident notifications must be sent to HHS, health care entities and their service providers must be prepared to justify to OCR and potentially the FTC their information security protocols. OCR and the FTC have already coordinated in health sector enforcement actions, and state attorneys general have enforcement authority under the revised rules. In this session, you will receive practical tips in responding to regulators’ inquiries as well as guidance on what to expect during a formal action.
Peter McLaughlin, CIPP, Foley & Lardner LLP


12:30 pm
Lunch Break

1:30 pm
Non-Repudiation – What is it? Why does it matter?
Many security experts consider the concept of non-repudiation a cornerstone of secure information exchange. Many of those who live outside the security world are unfamiliar with the concept, and why it matters. This session will explain non-repudiation in an easily digestible manner, explain why it is important, and discuss methods for implementing and managing it within health care systems.
Robert (Bob) Jueneman, Chief Scientist, Spyrus
 
2:00 pm
Implementing Controls to Safeguard Portable Devices
The Department of Health and Human Services continues to report an extraordinary number of data breaches. On close examination, the bulk of these breaches are related to the loss or theft of improperly secured portable devices. Many healthcare facilities continue to struggle to secure the various device types available to clinical staff. This presentation will focus on developing plans and deploying appropriate safeguards to reduce the risk of exposure in the event of a loss or theft.
Terrell Herzig, Information Security Officer for the UAB Health System and HIPAA Security Officer for the UAB Campus system

 
2:30 pm
Security Fundamentals: Introduction to Healthcare Identity Management
Secure authentication and identification are essential for the exchange of personal health information. Secure information exchange is not possible without accurate identification of healthcare professionals and patients. Smart card technology offers a practical and cost-effective solution. This presentation will discuss some of the challenges in healthcare identity management and best practices for addressing them.
Matthew Neuman, Manager, Business Development, Giesecke & Devrient

3:15 pm
Networking Break

3:30 pm
Transmission Security Guidelines & Solutions
Transmission security is a key component of the technical safeguards. This session explores solutions for CEs to implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

4:00 pm
Field Tested HIPAA Encryption Strategies for State Governments
Encryption is the single safe harbor with regard to the HITECH HIPAA Breach Notification regulation. This presentation will discuss the highly successful HIPAA Full Disk Encryption and File Folder Encryption projects managed for the State of Connecticut.

4:30 pm
Roundtable: Developing and Implementing Contingency Plans
Effective contingency planning, execution and testing are essential to mitigate the risk of system and service availability. These sessions focus on the HIPAA Security Rule contingency planning requirements as well as practical strategies to implement contingency plans.

5:30 pm
Hosted Reception


DAY TWO -- OCTOBER 15, 2010

8:00 am
Registration Opens
Continental Breakfast and Networking

GENERAL SESSIONS: The Foundations for a Sustainable Information Security Strategy

9:00 am
Opening Remarks
Remarks from the Conference Chair, including the state of the HIT industry and how HITECH compliance can be viewed in a comprehensive, sustained strategy for data security.
Mike Ahmadi, HIPAA HITECH Security Specialist, GraniteKey (Conference Chairman)

9:15 am
ROUNDTABLE: Partner, Security Vendors and Software Solutions -- Choosing and Implementing the Right Security Solution
For most information security problems, there is no single product or process that healthcare companies can implement to take care of their new security obligations. As a result, the market for EHR security vendors and software suppliers is growing in anticipation of the demand for their products, services and support. This session offers a primer on the community of information security and software vendors, and how to navigate these organizations to identify the solutions that are most appropriate for your needs.
Michael (Mac) McMillan, Chair, HIMSS Privacy & Security Steering Committee; CEO, CynergisTek Inc.

10:00 am
Meeting the Privacy and Security Meaningful Use Requirements to Achieve Fully Functioning EHRs and HIEs
This presentation provides a foundation to discuss implementation issues with providers, insurers and other covered entities, as well as expectations of vendors and outsourcing partners.
David Reitzel, Health Sciences Practice Leader, Deloitte

10:30 am
Networking Break

10:45 am
Health Information Security Contracting Issues:
This session examines what information technology and security companies need to know when entering into business relations with health care entities. In any transaction involving technology or intellectual property, there are often three or four agreements that give parties rights and obligations related to PHI and IIHI. Most often these agreements conflict with each other and are often inconsistent with HIPAA, HITECH Act, and State patient privacy laws. The problem is exacerbated when the agreements are enterprise-wide and cover various States with different patient privacy laws. This presentation examines methods of resolving conflicts of these laws in the area of information security.

  • Common contract language that is problematic;
  • Appropriate language to include in contracts to help solve the problem;
  • Operational issues (policies and procedures, and employee training)
Tallien Perry, Esq., Health Law Practice

11:15 am
Transmission Security Guidelines & Solutions
Transmission security is a key component of the technical safeguards. This session explores solutions for CEs to implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

11:45 am
CASE STUDY: Good Security Practices in Use Today
HITECH mandates that good security practices are used by hospitals, doctors’ offices, insurance companies, billing companies, and the myriad other groups that touch sensitive medical data. This session offers a review of the practices employed by a leading healthcare firm, including security solutions, HIT infrastructure, processes and more.
Greg Porter, Information Security Consultant - Allegheny Digital, Adjunct Professor, Health Care Information Security and Privacy, Carnegie Mellon University

12:15 pm
Managing Security with Outsourcing Partners
Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information (EPHI) and to prevent those workforce members who do not have access from obtaining access to electronic protected health information.
Peter Hesse, President, Gemini Security Solutions

12:45 pm
Lunch Break

1:00 pm
Securing Remote Access
How far does the medical practice extend? To the home, cabin, airport or cyber-café? Are some technologies more useful, supportable, secure or manageable than others for providing remote access? What are some methods for centralizing and automating administrative processes? How can Network Access Control make remote access services more secure? The panel will explore these questions and offer practical advice and strategies to managing remote access risks in AMCs that know no boundaries. Attendees will hear perspectives on remote access risk management and see examples of risk mitigation.

1:30 pm
Mobile computing and removable storage device security
Big data losses, including the loss that kicked off the VA security policy changes, have been high profile events and have led to a new level of attention to securing laptops. In this session we’ll explore practical approaches and security solutions to securing laptops, convergent technology devices and media. We’ll also discuss the appropriateness of technical controls vs. “soft” controls, e.g., policy, education & awareness training. We’ll include suggested outlines of business considerations for an enterprise laptop encryption solution with an eye toward contracts & licensing, centralized management & reporting, key escrow, user considerations rollout and integration with other


2:00 pm
Measuring the success of your security programs: Information security metrics
Standards-driven security programs require metrics to evaluate controls effectiveness. Measures across the business lines of medicine, research, education and administration (includes finance, for-profit entities, insurance companies, etc.) and mapped against risk are needed to provide the data necessary to manage programs. The challenge with security metrics is measuring what’s prevented and doesn’t occur. This session will outline good metrics characteristics and include examples that meaningfully measure controls effectiveness.

2:30 pm
CONFERENCE CONCLUDES
