| Session title |
Track |
Short Description |
| E-Discovery Update |
Plenary |
This session will explore the emerging issues and solutions around the legal discovery process as it affects electronic records. Policies and practices about record retention, selecting appropriate records in response to an e-discovery action, protecting the AMC while responding in good faith and other relevant issues will be covered. |
| Regulatory Exchange |
Plenary |
Potential changes in regulations that affect AMC privacy and security practices are always keen points of interest. Interest is increased at the start of a new federal administration, both for AMCs and for the regulators. Come hear AMC leaders describe their regulatory interests to key privacy and security regulators and listen to the regulators describe the agenda in their areas of responsibility. Bring your own concerns to the Q&A portion of the session. |
| Conflict and synergy in privacy and security practices and policies between AMCs and their associated Universities. |
Plenary |
Many AMCs are closely associated with a university and negotiate privacy and security practices in the context of this association in order to reduce costs, simplify policy, and smooth practice. But AMCs and universities have differing priorities that give rise to needs for some difference in policy and practice (e.g. patient privacy vs. academic freedom). This session explores how such AMCs negotiate their policy and practice connections in the areas of privacy and security with their associated universities. |
| The role of computer forensics in managing legal and business risk |
Security |
Collecting, preserving and examining electronic evidence for admission in court is becoming the rule with technical investigations in AMCs. In this regard the information security function works with, and supports, other corporate risk management functions—legal, external counsel, human resources, audit, compliance, and physical security. Lawsuits, research misconduct incidents, financial fraud and serious personnel matters warrant investigative diligence and rigor. This session will outline essential tools of the trade, chain of custody and the importance of working together with other corporate risk management groups. |
| PCI-DSS Strategy |
Security |
The Purchase Card Industry Data Security Standards have many new requirements that many AMCs are finding challenging, such as encryption of data at rest and third-party vulnerability testing. The typical AMC has dozens to hundreds of such accounts. Is your AMC compliant? Can you put the fines on your credit card? Objectives for the session include a high-level understanding of requirements, conducting a risk analysis and sizing the work, developing a policy and cross-departmental / cross-site team(s) to conduct compliance work, and developing a process to ensure ongoing compliance and streamline evaluation of new merchant accounts. |
| Mobile computing and removable storage device security |
Security |
Big data losses, including the loss that kicked off the VA security policy changes, have been high profile events and have led to a new level of attention to securing laptops. In this session we’ll explore practical approaches and security solutions to securing laptops, convergent technology devices and media. A companion session in the Compliance Track will cover policy/training etc. Discussion of appropriateness of technical controls vs. “soft” controls, e.g., policy, education & awareness training. Include suggested outline of business considerations for an enterprise laptop encryption solution, for example: |
| Measuring the success of your security programs: Information security metrics |
Security |
Standards-driven security programs require metrics to evaluate controls effectiveness. Measures across the business lines of medicine, research, education and administration (includes finance, for-profit entities, insurance companies, etc.) and mapped against risk are needed to provide the data necessary to manage programs. The challenge with security metrics is measuring what’s prevented and doesn’t occur. This session will outline good metrics characteristics and include examples that meaningfully measure controls effectiveness. |
| CMS & OIG HIPAA Security Rule enforcement (so you're being audited, what do you do?) |
Security |
Many AMCs have noted recent announcements and press communiqués related to increased HIPAA Security reviews. This session will offer practical advice to prepare for the G-Men. With the understanding that these reviews will focus top-down on how entities have incorporated the requirements into holistic security programs rather than taking a typical bottom-up audit approach, the session will discuss some of the most important aspects of an information security program from a regulatory context: assigned responsibility, overall risk analysis and risk management, documentation and ongoing assurance of program effectiveness and appropriateness. |
| Legal aspects for offshoring |
Security |
International business ventures raise information security challenges requiring mitigation through administrative processes such as creative contracting, third-party security certifications and strong information security – legal partnerships to manage risks associated with international jurisdiction and asset ownership and control. The session will explore existent international standards, best practices and the trust relationships necessary to make them work. |
| Securing Remote Access |
Security |
How far does the medical practice extend? To the home, cabin, airport or cyber-café? Are some technologies more useful, supportable, secure or manageable than others for providing remote access? What are some methods for centralizing and automating administrative processes? How can Network Access Control make remote access services more secure? The panel will explore these questions and offer practical advice and strategies to managing remote access risks in AMCs that know no boundaries. Attendees will hear perspectives on remote access risk management and see examples of risk mitigation. |
| Late-breaking session |
Security |
Emerging security threats or similar. |
| Health Information Sharing: A Plethora of Compliance, Privacy and Security Issues for AMCs |
Compliance/ Governance |
AMCs are bombarded with requests for PHI from many different sources: RHIOs, IHEs, Health Information Registries, Health Information Trusts/Banks, Benchmarking and other Information Sharing Requests. Some requests are justified as related to patient care, quality assurance or public health concerns. Others are questionable. Panelists and participants will discuss the myriad of common requests for sharing PHI and their approach to resolving which ones to participate in and how to carry out participation in a secure manner using the minimum necessary information. |
| Information Management – How are AMCs dealing with Compliance Issues associated with Specially-Protected Data. |
Compliance/ Governance |
Federal and state laws provide for higher restrictions in use and disclosure of certain types of information such as Risk Management, Communicable Disease, Mental Health and other Sensitive Data from both the federal and state regulatory landscape. These types of information must be separated from other types of PHI and protected and disclosed with more care than typical PHI. Discussion will include ways in which to electronically separate information, monitor disclosures, and secure the information from inadvertent or deliberate misuse or disclosure. |
| Best Practices for Compliance |
Compliance/ Governance |
AMCs face many challenges with respect to compliance. How are we organized for Compliance? How do we Educate about Compliance? How do we Audit Compliance? How do we reach all members of the staff, including physicians? Panelists and participants will exchange ideas for organization of compliance departments and policies, methods of educating throughout our organizations, and the best ways to audit compliance training efforts. |
| AMC Security, Policy and Training Responses to Protecting Sensitive Data in an Ever-Increasing Environment of Mobile Devices and Removable Media. |
Compliance/ Governance |
Staff leave flash drives in the coffee shop and laptops in unlocked cars. What’s an AMC to do? This is a companion to a technical session on mobile security in the Security Track. Share best practices for policies and education associated with mobile devices and removable media. |
| Tools for More Efficient and Effective Compliance: The What, How and How Much; Ways to improve Compliance ROI |
Compliance/ Governance |
Tools exist to assist AMCs in tracking and enforcing compliance. Panelists will provide information on available tools and their cost, and how to use the tools to your best advantage. |
| E-Discovery: An Update on Impacts on Information Management and best practices |
Compliance/ Governance |
Now that we understand a bit more about how e-Discovery works, how can we best manage our information to respond appropriately? Will we be able to efficiently respond to legal requests? This is a companion to the E-Discovery session in the Plenary Track. |
| Compliance Issue Free-for-All – All You’ve Ever Wanted to Know about Compliance Issues in Information Management, but were Afraid to Ask |
Compliance/ Governance |
A facilitated group discussion about pressing issues facing AMCs in compliance and governance issues. |
| Late-breaking Issues |
Compliance/ Governance |
Emerging compliance/governance issues. |
| CTSA Initiative: Impact on AMC privacy and security |
Research |
Science is more collaborative and complex. CTSA will require highly interactive human networks to share information in new ways. How are AMCs addressing the security and privacy issues inherent in the infrastructures that will be required? |
| Integrating Research Systems into New Collaborative Environments |
Research |
As research moves into a more networked environment of sharing, organizations will need to find ways to incorporate old systems into flexible and ever-expanding future environments. Often the security around these systems does not scale to these new demands. |
| FISMA Compliance: Exploring the AMC impact |
Research |
The Federal Information Security Management Act of 2002 has many components, but most relevant to AHCs is a consistent framework for information security across the entire federal government. FISMA is intended to provide information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information. |
| VA Information Security Policy and Clinical Research Policy |
Research |
In 2007, the Department of Veterans Affairs implemented a privacy and information technology security policy and data security requirements for all research within the VA. How has this affected AMCs who work closely with VAs on research? |
| Managing Shared Resources for Collaborative Research |
Research |
Strides in biomedical research portals to share information and support research will require organizations to develop methods to manage this information in a secure manner. |
| Genetic Privacy and Personalized Medicine: the Impact on AMC Research |
Research |
One aspect of personalized medicine is to bring research and clinical information together to predict potential aspects of a person's future health. There has been a great deal of press around personalized medicine and its potential benefit to society. However, progress has lingered due to the many unaddressed privacy and security issues related to incorporating such sensitive information as genetic markers into patient records. |
| Privacy and Security in International Research |
Research |
As clinical trials move overseas, AMCs need to consider the mechanisms and policies to ensure that patient privacy and confidentiality are preserved while delivering a repository of medically rich information for the purposes of scientific research. |
| Privacy and Security Aspects of Clinical Trials |
Research |
AMCs are creating vibrant sites for translational medicine and using clinical trials systems to their advantage. This session explores some of the issues and best practices in this area. |
| Late-breaking Issues |
Research |
Emerging privacy and security issues in medical research |