
HIPAA/HITECH
The American Recovery and Reinvestment Act includes a HITECH section that spells out tougher healthcare privacy and security regulations.

Nicholas Heesters
Attorney, Senior advisor for Cybersecurity, HHS Office for Civil Rights
Nicholas Heesters is a certified information privacy professional with over 25 years of experience supporting technology and information security efforts in many diverse industries including financial services, government, defense, education and healthcare. He earned a Master of Engineering in Computer and Software Engineering from Widener University and his Juris Doctor from the Widener University School of Law. Currently, Heesters works for the U.S. Department of Health and Human Services Office for Civil Rights supporting HIPAA compliance and enforcement activities.
Cybersecurity and Patient Privacy in Healthcare: The Balancing Act
Jennings Aske - New York-Presbyterian, Steve Chabinsky - White & Case, Joshua Corman - Healthcare Sector, Mark Eggleston - Health Partners Plans, Marianne Kolbasuk McGee - HealthcareInfoSecurity, Dave Summitt - H. Lee Moffitt Cancer Center and Research Institute
Jennings Aske
CISO, New York-Presbyterian
Aske is the CISO for New York-Presbyterian. Prior to this he was VP Information Security & Chief Security Officer of Nuance Communications as well as Chief Information Security and Privacy Officer of Partners HealthCare. Prior to Partners, Aske was the Chief Information Security Officer for UMass Memorial Hospital. Aske was also the Chief Information Security Officer for the Commonwealth of Massachusetts's Executive Office of Health and Human Services, responsible for coordinating information security across the 16 state agencies. Aske is a licensed attorney in the Commonwealth of Massachusetts.

Steve Chabinsky
Global Chair of Data, Privacy and Cybersecurity, White & Case
Steve Chabinsky is an attorney and global chair of data, privacy and cybersecurity, White & Case, commissioner of the President's Commission on Enhancing National Cybersecurity, and former deputy assistant director for cyber at the FBI. He serves as a commissioner on the President's Commission on Enhancing National Cybersecurity, is the cyber columnist for Security magazine, and holds an adjunct faculty position at George Washington University. Chabinsky is a frequent corporate speaker on cyber risk mitigation, and has testified numerous times before the House and Senate on cybersecurity matters. His career includes having served in the Federal Bureau of Investigation as deputy of the Bureau's Cyber Division and Chief of its Cyber Intelligence Section. He can be followed on Twitter @StevenChabinsky.

Joshua Corman
CISA, Chief Strategist, Healthcare Sector
Joshua Corman is a Founder of I am The Cavalry (dot org), and serves as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon’s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.

Mark Eggleston
VP, CISO and CPO, Health Partners Plans
Eggleston is vice president, CISO and chief privacy officer at Health Partners Plans, a Philadelphia-based HMO. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program. Eggleston started his professional career serving as a program manager and psychotherapist at a hospital serving children and adolescents. Later, he helped develop a HIPAA privacy and security compliance program for a geographically dispersed healthcare provider organization and later at a local health plan, before moving to his current role.

Marianne Kolbasuk McGee
Executive Editor, HealthcareInfoSecurity, ISMG
McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Dave Summitt
CISO, H. Lee Moffitt Cancer Center and Research Institute
Summitt is CISO of the H. Lee Moffitt Cancer Center and Research Institute, Tampa, Fla. Summitt has more than 25 years of experience in IT across the federal and private sectors with a focus on information systems, network and engineering operations and cybersecurity initiatives. Before entering the healthcare sector, Summitt had a 21-year federal career with the Department of Defense where he held various roles including the Naval Sea Systems Command's Technical Representative for a major missile defense program, security data custodian, Information Systems Security Officer, Data and Configuration manager and Change Control chairman for several military programs.
The Evolving Regulatory Environment and Its Impact on Privacy and Security of Online Medical Records
Vikrant Arora - Hospital for Special Surgery, Marianne Kolbasuk McGee - HealthcareInfoSecurity, Mitch Parker - Indiana University Health System, Iliana Peters - Polsinelli, Anahi Santiago - Christiana Care Health System
Vikrant Arora
CISO, Hospital for Special Surgery
Vikrant Arora is a credentialed business leader with more than 15 years of experience in developing enterprise security and risk management programs in the healthcare, government and education sectors in North America and Asia. In his former role as the assistant vice president and chief information security and risk officer at NYC Health & Hospitals, an integrated system of 11 hospitals, clinics, nursing homes and home care in New York City, Arora focused on security strategy, business risks, regulatory compliance and securing clinical systems as well as biomedical devices.

Marianne Kolbasuk McGee
Executive Editor, HealthcareInfoSecurity, ISMG
McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Mitch Parker
CISO, Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.

Iliana Peters
Shareholder, Healthcare Security, Polsinelli
Iliana Peters currently serves as a shareholder at Polsinelli, charged with championing healthcare security on behalf of the firm. She previously served as the Acting Deputy Director of Health Information Privacy at the Department of Health and Human Services' Office for Civil Rights. In this role, she is the national lead for OCR enforcement of the HIPAA Rules, and works closely with OCR's ten regional offices to promote compliance with and enforcement of the HIPAA Rules. Additionally, Peters supports many other OCR policy and outreach initiatives, including rule-makings, compliance initiatives with other federal agencies, and training, including of the State Attorneys General. Prior to joining the team in D.C., she worked as an investigator in Region VI in Dallas, Texas. Prior to joining OCR, Peters worked in private practice in Texas.

Anahi Santiago
CISO, Christiana Care Health System
As Christiana Care Health System's Chief Information Security Officer, Anahi Santiago is charged with providing strategic direction and oversight to a comprehensive security program, policy development, standards and controls implementation, training and awareness, regular risk assessment and mitigation, as well as partnerships with internal and external auditors. She also regularly collaborates with state and federal regulatory bodies and actively contributes to proposed state and federal regulations that govern privacy and information security. Before joining Christiana, Santiago provided similar support for the Albert Einstein Healthcare Network at a director level.

Jack Lewin, MD
Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care
John C. (Jack) Lewin, MD is Principal and Founder of Lewin and Associates LLC, a consulting organization focused on launching health start-up companies and on developing policy and advocacy positions for health sector companies and government. He also currently serves as Chairman of the National Coalition on Health (NCHC) of Washington DC, a highly respected national advocacy organization representing 90+ national health sector organizations with collectively over 150 million members. His prior roles include serving as President and Chief Executive Officer of the Cardiovascular Research Foundation (CRF). He has advised two Presidents of the United States as part of a rewarding career in health care, public health, and public policy. Lewin has also served as CEO of the American College of Cardiology (ACC), CEO of the California Medical Association (CMA), where he also advised two Governors and the state legislature on health policy. He was also Hawaii's Director of Health, and a Commissioned Officer in the United States Public Health Service.

Jonathan Cohen
Vice President, Strategy & Corporate Development, Enterprise Business Unit, Synchronoss
Cohen has 22 years of IT strategy and solution management experience, focused on developing transformational technology solutions for enterprise clients in finance, healthcare, and life science industries. An experienced management consultant and IT strategy executive, Cohen's expertise is in IT transformation, enterprise architecture, and developing industry solutions that leverage market trends in Cloud and Big Data. Recently, Cohen was the Americas lead for application transformation at EMC Global Services where he led EMC clients to modernize their application portfolio and maximize the impact of Cloud transformation programs. Prior to EMC, Cohen held consulting leadership roles at BusinessEdge Solutions and Paragon Computer Professionals where he led enterprise content management, collaboration and knowledge management, and information management strategy.

Deven McGraw
Former Deputy Director of Health Information Privacy, Department of Health and Human Services' Office of Civil Rights
McGraw was the acting chief privacy officer and deputy director of health information privacy at the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA. Previously, she was a partner at the law firm Manatt, Phelps & Phillips LLP, where she co-chaired its privacy and data security practice. Earlier, she was director of the health privacy project at the Center for Democracy & Technology, a consumer advocacy group. For six years, McGraw served as an adviser to HHS on health data privacy and security issues. She served on the Health IT Policy Committee, which advises HHS' Office of the National Coordinator for Health IT, and co-led the committee's Privacy and Security Workgroup as well as its Information Exchange Workgroup.

Ofer Elzam
Director Product Management, Sophos
Elzam leads the Sophos UTM/NGFW product line, bringing 20 years of product management and security experience at companies such as Cisco, ScanSafe, and SafeNet where he held senior product management positions. He has brought to market several innovative security products in areas of network, content security, and AV, and holds several relevant patents. Recently he has been focused on UTM and NGFW innovations to make network security simpler and more effective, and extending it to the Cloud. Elzam has worked on defining security solutions for healthcare systems while at Cisco, as BYOD and IoT were emerging.

Adam Greene
former Regulator, U.S. Department of Health and Human Services; Partner, Davis Wright Tremaine LLP
Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. He primarily counsels health care providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Greene was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, he was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Greene is the Chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues.

Kate Borten
President, The Marblehead Group
Borten, founder of The Marblehead Group, provides her clients with expertise in security, privacy, and health IT from over 20 years inside the healthcare industry. In the 1990s she led the enterprise-wide security program at Massachusetts General Hospital; and as Chief Information Security Officer, she established the first information security program at Beth Israel Deaconess Medical Center and CareGroup in Boston. Borten is a nationally-recognized expert on HIPAA and health information privacy and security, a frequent speaker on these topics, and author of tools and books including HIPAA Security Made Simple (HCPro 2013). The Marblehead Group, founded in 1999, provides HIPAA privacy and security risk assessments, compliance auditing, training, and solutions to the healthcare industry. Clients include the full range of providers, health plans, and business associates.

Joey Johnson
CISO, Premise Health
Johnson, CISO of Premise Health, Brentwood, Tenn., has more than 15 years of cybersecurity experience. Premise Health was formed as a result of the merger of Take Care Employer Solutions - a former subsidiary of Walgreen Co. - and CHS Health Services. Johnson formerly served as chief security officer for the U.S. Department of Commerce - Office of Computer Services, and held various security and network architecture roles leading the design and implementation of complex enterprise networks for airports, hospitals, universities and federal agencies.

Lee Penn
Chief Financial Officer, HIPAA Privacy Officer, Medicare Compliance Officer, and a member of the Risk Management Team, PDHI
Penn is Chief Financial Officer, HIPAA Privacy Officer, Medicare Compliance Officer, and a member of the Risk Management Team at PDHI. PDHI is a technology services organization that develops and distributes the ConXus Platform, a SaaS application, for delivering workplace wellness and population health management programs. The ConXus Platform achieved certification without CAPs under the HITRUST CSF Assurance Program in February, 2015. Penn joined PDHI after holding financial management positions at the S/L/A/M Collaborative, Yale University and Xerox Corporation. Penn holds a bachelor of science degree from Cornell University and a master's of business administration degree from the University of Connecticut.

Jared Rice
Director of Health Informatics, Wellness Corporate Solutions
Rice began at WCS as a Wellness Coach and Clinical Content Manager in October 2010 and transitioned to run the Health Informatics department in July of 2013. He holds a Master's degree in nutrition, is a board certified Registered Dietitian / Nutritionist and a Certified Health and Fitness Specialist with the American College of Sports Medicine. Over the last two years Rice has played a critical role at WCS translating internal and external business needs into innovative technology installations that drive automation, scalability, quality and integrity.

Lisa Shaner
Principal Information Security Analyst, Cummins Engine Inc.
Shaner is a Principal Information Security Analyst who has worked for various manufacturing and pharmaceutical companies since 1985. She currently works for Cummins Engine Inc., specializing in assessing third party security, privacy, and compliance risks. Shaner is from a small Midwest town in Indiana and calls herself a "Hoosier". In her spare time she gives back to her community by volunteering for the American Red Cross as a board member and a disaster relief team member.

Cris Ewell
CSO and CPO, NRC Health
Ewell, PhD, is CISO at University of Washington Medicine. Previously, he was CISO of Seattle Children's Hospital. Before that, he served as the director of information security operations at the University of Washington, chief security officer for PEMCO Corp. and chief technology officer for Breakwater Security.

Alexander Hughes
Director of Platform Security Strategy & Execution, Kaiser Permanente
Alex has 15 years of experience in product and business management at technology-based firms in diverse fields, including health care, the military, international banking, and mass market consumer at companies such as Salon, CNET, Wells Fargo, and the Royal Bank of Scotland group. He currently guides Kaiser Permanente's engagement with critical emerging technologies such as Mobile, Cloud, and Big Data with a recent focus on technology creation. In 2014, he filed two new patent applications drawn from his original Mobile Made Easy solution design, which won Kaiser Permanente's Technology Risk Office Innovation Challenge in 2012. In March 2015, he was awarded patent 8,984,607 for his work in transactional authentication design. Alex has degrees from Oxford University's Said School of Business, University of California at Davis and holds CISSP and GCIH certifications.

Mor Ahuvia
Authentication Product Marketing Manager, Gemalto
Ahuvia, Authentication Product Marketing Manager at Gemalto, is entrusted with studying the identity and access management market, and relating the value of Gemalto's next-generation authentication solutions to business and technical decision makers and channel partners. Prior to joining SafeNet, she served as a Cybercrime Communications Specialist for RSA FraudAction for nearly five years, reporting the latest findings from the forefront of online threats research to customers, partners and the media with insights on malware, phishing, and the cybercriminal black market.

William Hudson
Chief Healthcare Strategist, VMware
Hudson joined VMware in December 2012; in this role he is responsible for working with clients enabling them to achieve their strategic outcomes through the implementation of VMware's solutions. Prior to working at VMware he led the Kettering Health Network technology team where he served as the CTO and provided technology leadership. During his tenure at KHN he served as the technical project director and architect for the system-wide Epic implementation and directly led the following teams: infrastructure computing, network and telecom, end user computing, integration and development, security and the support center. He has over twenty-four (24) years of information systems experience of which more than 17 years have been focused in the healthcare industry. Prior to KHN he led the CTG Healthcare Solutions Advanced Technology Practice for five years, worked as a healthcare strategist with HealthLink, and also spent time at Cerner where he led the Global Technology Practice.

David Szabo
Partner & Chair - Healthcare Practice Group, Locke Lord LLP
Szabo is a Partner in the Corporate and Transactional Department, and a member of the Healthcare and Privacy Groups. He represents hospitals, integrated delivery systems, home care companies, and other healthcare service providers. He also represents healthcare information technology companies and life sciences companies. Szabo has extensive experience in healthcare licensing and regulation, reimbursement, fraud and abuse compliance matters, and the structuring of joint ventures. He regularly advises clients on Stark Law and Anti-Kickback compliance matters. His practice also includes the privacy and information security law applicable to healthcare providers, health plans, technology vendors, and other organizations. He advises non-profit organizations on general corporate matters, tax, and governance issues.

Tom Field
Senior Vice President, Editorial, ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Session Contributors
former Regulator, U.S. Department of Health and Human Services; Partner, Davis Wright Tremaine LLP
Former Deputy Director of Health Information Privacy, Department of Health and Human Services' Office of Civil Rights
Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care
Vice President, Strategy & Corporate Development, Enterprise Business Unit, Synchronoss
Acting Manager - Security & Integration Group, National Institute of Standards and Technology (NIST)