Two-Day EHR Governance Symposium

Cybersecurity: Risk Mitigation and Preparedness Strategies
for Health Care Professionals

Wednesday, March 14 & Thursday, March 15, 2018
Long Beach, California

Cyber-attacks are on the rise and health care organizations continue to be targeted. Criminal attacks have become a root cause of recent data breaches. Governing the security, integrity, privacy, and content of the electronic health record is the responsibility of HIM and HIT professionals. Establishing safeguards to protect the organization’s greatest asset – protected health information – is imperative. Learn risk mitigation strategies and breach prevention best practices from industry experts. This symposium will provide an operational response to dealing with a cyber-attack and prepare HIM and HIT professionals with the tools necessary to respond.

For best prices register by March 1. Advance registration is open through March 8.

Traveling from out of town? Make a room reservation at the Hilton Long Beach.

  • CHIA discounted room rate is $189 plus tax, available through February 23. Or call 800-HILTONS and reference group code CH2 and the event name.

Day One Agenda

Date: Wednesday, March 14, 2018 at 8:15am - 4:00pm
CEUs: Approved for 6 units. HIIM Domain: Privacy & Security

Schedule Program Title & Description
7:00 am Registration
8:15 am Introductions
8:30 am Cyber Protection Planning for Health Care Systems

Michael Sohn, Supervisory Special Agent, Federal Bureau of Investigation

-FBI Explanation (Who we are, Why we’re here, Why we care about health care)

-The Cyber Threat defined (Financially motivated, Non-financially motivated, Naton-state)

-Why is health care the most popular target of cyber-based actors

-What can health care organizations do PRIOR to an incident

-What should they do when an incident occurs?

-What to do after an attack

-Crystal ball outlook on Cyber Security

9:30 am Medical Breach Enforcement by the State of California

John Beardsley, MBES Section Chief, California Department of Public Health

Overview of the functions and findings of the California Department of Public Health-Licensing & Certification (CDPH-L&C), Medical Breach Enforcement Section (MBES). Function of the MBES to investigate violations of unauthorized access to, and use or disclosure of patients medical information at CDPH licensed facilities and by individuals in the State of CA. Findings discovered by the MBES and best practices that licensed facilities can learn from our investigations.

10:15 am Break
10:30 am Preparedness and Responding to a Cyber Attack

Stephen Giles, MBA, Chief Information Officer, Hollywood Presbyterian Medical Center

Becoming a victim of a cyber attack is highly likely. Being prepared can help minimize an attack from happening, minimize its impact and enable one to respond.

11:15 am Using the OCR Audit Protocol as a Tool for Compliance

David Holtzman, JD, CIPP/G, Vice President, Compliance Strategies, CynergisTek, Inc.

Today’s healthcare marketplace makes it hard to safeguard health information privacy and security. In this presentation, attendees will be empowered with the knowledge what reviewers of HIPAA privacy and security compliance are looking for in an audit or compliance review. The program will identify tools that can help prepare an organization for a HIPAA audit or compliance review.

12:00 pm Lunch (Box lunch is included)
1:00 pm Cyber Incident Recovery Panel Discussion
1:45 pm Cybersecurity Incident Breach Assessment, Notification and Regulatory Reporting Compliance

David Holtzman, JD, CIPP/G, Vice President, Compliance Strategies, CynergisTek, Inc.

When a cybersecurity incident strikes, your organization needs to have a well thought out, practiced plan to identify, respond, and handle incidents. This session will explore a cybersecurity breach assessment, notification to individuals or business partners and identifying the reporting requirements for each jurisdiction in which the organization operates.

2:45 pm Break
3:00 pm Cybersecurity – What HIM Professionals Need to Know to Avoid Unwanted Hackers

Debi Primeau, MHA, RHIA, FAHIMA, President, Primeau Consulting Group

Identify the top cybersecurity issues haunting health care facilities with tools on how to establish a privacy and security protection plan that will help prepare their facility build the best cybersecurity defense possible. The audience will understand how HIM Professionals can lead in minimizing the risk to patients and organizations through risk analysis, risk mitigation, training, and communication. In addition, the audience will learn how organizations with updated systems, a good defense strategy, advanced detection capabilities, precise policies and procedures, as well as trained and aware staff have a much better chance against cyber-attacks. The audience will benefit from this presentation’s thorough instructions for preparing and preventing dreaded cyber-attacks.

REGISTER FOR DAY ONE ONLY

Day Two Agenda

Date: Thursday, March 15, 2018 at 8:15am - 4:00pm
CEUs: Approved for 6 units. HIIM Domain: Privacy & Security

Schedule Program Title & Description
7:00 am Registration
8:15 am Introductions
8:30 am Phishing Workshop

John Nye, CISSP, LPT, CHE, ECSA, Vice President, Cybersecurity Strategy, CynergisTek, Inc.

During this phishing workshop, we will discuss the phishing threat, recent examples in health care, best practices, how to identify a phish, and provide tools to assist attendees in providing education when they return to their respective organizations.

10:00 am Break
10:15 am Application of Quality Tools for Risk Management of Electronic Health Record Related Errors

Deborah Collier, RHIA, Director HIM/Privacy Officer, Barlow Respiratory Hospital

There are benefits and challenges with increased adoption of Electronic Health Records (EHRs). Unintended consequences have emerged with association to EHR related errors. The application of quality tools are effective for detecting, monitoring and mitigating patient safety concerns associated with EHR related errors. Explore essential quality tools that can be integrated with risk management and quality improvement.

11:00 am Risk Analysis - Ransomware Style

Ann Chang, CISSP, Chief Compliance Security Officer, UCLA Health System

What are you going to do when they come for you? Every email you open, every website you visit could lead to ransomware spreading throughout your institution and shut you down. Learn how to assess your environment for ransomware preparedness.

12:00 pm Lunch (Box lunch is included)
1:00 pm Table-top Exercise: OMG, they encrypted the CT scanners! Handling Ransomware Incidents

Ann Chang, CISSP, Chief Compliance Security Officer, UCLA Health System

Check how well prepared you are for a ransomware incident by working through some table top ransomware scenarios in small groups. Will you stay in business or will it be game over?

1:45 pm HIM Ransomware Readiness and Response

Gloria Ruiz, MBA, RHIA, CPHQ, Executive Director, Quality Professional Services, and Tiffany Williams, RHIT, EHR Data Integrity Supervisor, Pacific Alliance Medical Center

Recently, there has been upsurge in seminars discussing how to protect and prevent cybersecurity threats, but what do you do when it happens to your organization? This session provides a unique opportunity for attendees to hear from HIM Professionals who have lived through one of the reported Top 11 Biggest Healthcare Cyberattacks of 2017. We will analyze the decisive actions the department and facility took in preparation of, during, and post a significant unscheduled downtime. Outcomes, Best Practices and Lessons Learned will be discussed.

2:45 pm Break
3:00 pm Cyber Protection Planning for Healthcare Systems

Michael Clark, Senior Vice President and General Manager, Nuance Healthcare

The very nature of cyberattacks is changing—they are faster, more sophisticated and potentially more destructive. As the severity of incidents increases, an evolving skillset to defend health systems in this new cyber reality is vital to maintaining continuity of patient care. This session will explore the ways hospitals can protect patient records, data and information systems from a large-scale, systemic disruption.

REGISTER FOR DAY TWO ONLY

Single Day Registration Fees:

Member Type Early-bird

(by March 1)

Regular

(after March 1)

On-site

(after March 8)

CHIA Member $179 $229 $259
AHIMA Member in CA

(includes CHIA membership)

$229 $279 $309
Non-Member $249 $299 $329

Register for Day One
Register for Day Two

Register to Attend Both Days and SAVE

Member Type Early-bird

(by March 1)

Regular

(after March 1)

On-site

(after March 8)

CHIA Member $279 $329 $359
AHIMA Member in CA

(includes CHIA membership)

$329 $379 $409
Non-Member $419 $469 $499

Register for Both Days

Thank you to our event co-sponsors

Nuance Cynergistek Primeau Consulting Group, Inc.