AGENDA: DAY II
TUESDAY, MARCH 5, 2019
7:00 am
Registration Open; Networking Breakfast
MORNING PLENARY SESSION — HIPAA SECURITY
8:00 am
Welcome, Introduction and Annual Health Care Security Update
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Co-Chair)
John Parmigiani is President of John C Parmigiani & Associates, LLC. His current primary focus is on helping healthcare organizations become compliant with healthcare regulations, in particular, HIPAA and the HITECH revisions, and move toward e-health. His work in these areas has ranged from performing compliance and risk assessments to designing systems and serving as an expert witness in Privacy violation cases. He has over 40 years’ experience in information systems management in both the public and private sectors. He chaired a government-wide team that developed the Security Rule and the electronic signature standard and served as a member of the federal committee that oversaw the development of the Privacy Rule and a number of HIPAA transactions and code sets. After his retirement from federal service, he was an executive in a number of consultancies that worked with national clients on the adoption and implementation of HIPAA-compliant requirements, before starting his own consultancy.
8:30 am
Trends and Characteristics of Reportable Health Data Breaches, 2010-2017
Thomas H. McCoy, MD
Director of Research, Center for Quantitative Health, Massachusetts General Hospital, Boston, MA
Dr. McCoy is the Director of Research at the Massachusetts General Hospital Center for Quantitative Health. His work focuses on the development of algorithms to distil data generated through routine clinical care into tools for clinical risk stratification and life sciences discovery. His recent work has focused on natural language processing and topic modeling to build cross-diagnostic phenotypic maps of the electronic health record. His current areas of interest are multidimensional psychiatric phenotypes and biologically informed models of medication effects for repositioning and adverse event prediction. He has a history of successfully commercializing his research as physician-facing software. He is a practicing psychiatrist and medical ethicist. He serves as co-director of the hospital’s clinical ethics consultation service.
9:00 am
FBI Keynote
Tonya Ugoretz
Deputy Assistant Director, Cyber Division, FBI, Adjunct Associate Professor, Center for Security Studies, Georgetown University, Adjunct Faculty, Center for Intelligence Training, FBI Academy, Washington, DC
Tonya Ugoretz is a career FBI Intelligence Analyst currently assigned to the Office of the Director of National Intelligence (ODNI) as Director of the Cyber Threat Intelligence Integration Center (CTIIC). Her government career began as a Presidential Management Fellow and all-source analyst with the FBI’s Counterterrorism program. Her service with the FBI includes roles as Unit Chief, Section Chief in the Senior Executive Service where she oversaw intelligence briefings for the FBI Director and the Attorney General, as well as FBI analysts’ contributions to the President’s Daily Brief. As the FBI’s Chief Intelligence Officer she also led the Bureau’s cadre of Senior National Intelligence Officers and the creation of a 24/7 Intelligence Watch. Ms. Ugoretz has also served in joint-duty positions with the Central Intelligence Agency, U.S. Customs and Border Protection, and the National Intelligence Council. She is an Adjunct Associate Professor with Georgetown University’s Center for Security Studies.
9:30 am
DHS Keynote
Jeanette Manfra, MA
Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security, Former Director for Critical Infrastructure Cybersecurity, National Security Council, the White House, Washington, DC
Jeanette Manfra serves as the Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Previously, Ms. Manfra served as Assistant Secretary for the Office of Cybersecurity and Communications (CS&C) for the National Protection and Programs Directorate (NPPD) before the agency became CISA. Prior to this position, Ms. Manfra served as Acting Deputy Under Secretary for Cybersecurity and Director for Strategy, Policy, and Plans for NPPD.
Ms. Manfra also served as Senior Counselor for Cybersecurity to the Secretary of Homeland Security and Director for Critical Infrastructure Cybersecurity on the National Security Council staff at the White House. At DHS, she held multiple positions in the Cybersecurity Division, including advisor for the Assistant Secretary for Cybersecurity and Communications and Deputy Director, Office of Emergency Communications.
Before joining DHS, Jeanette served in the U.S. Army as a communications specialist and a Military Intelligence Officer.
10:00 am
Chief Security Officers Best Practices Roundtable
Julie A. Chua, CAP, CISSP, PMP
Risk Management Branch Chief, Office of Information Security (OIS), Department of Health and Human Services, Baltimore, MD
Julie Chua serves as the Branch Chief of the Risk Management Program within the HHS Office of Information Security (OIS). She is responsible for establishing a Department-wide enterprise risk management program and overseeing high visibility/high priority initiatives including identification and protection of HHS’ most critical high value assets and the HHS FedRAMP and Cloud Security Program. Julie also has a lead role in Healthcare and Public Health Sector public-private partnerships on many HHS cybersecurity initiatives to help push forward security and resiliency across the sector. Prior to joining OIS, Julie was the Cybersecurity Team Lead within the HHS Office of the National Coordinator for Health IT (ONC) leading Critical Infrastructure cybersecurity efforts.
Josh DeFrain, MS
Chief Information Security Officer, Flatiron Health; Former Global Cyber Security Operations Director, Capital One, Washington, DC
Josh DeFrain is an engineer, director, and CISO with experience in the U.S. Intelligence Community, the financial sector, and the health care industry. As CISO of Flatiron, Josh is responsible for the information security of 2 million patient records and 500+ employees. In April of 2018, Flatiron was acquired by Roche for $2 billion.
As the Global Cyber Security Operations Director at Capital One, Josh built 4 teams of 50+ analysts, engineers and developers who are responsible for 24×7 security monitoring, 24×7 incident response, SIEM, and DevOps.
As a SIEM engineer in the US Intelligence Community, he built big data platforms to identify targeted cyber-attack campaigns from nation state actors. During this time, he directly supported the SOC, Incident Response, Cyber Threat Intelligence and Insider Threat teams.
John C. Parmigiani
President, John C. Parmigiani and Associates, LLC; Former Director of Enterprise Standards, HCFA, Ellicott City, MD
Jon Moore, MS, JD, HCISPP
Chief Risk Officer, Clearwater Compliance, New York, NY (Moderator)
Jon Moore, Chief Risk Officer and Senior Vice President of Professional Services at Clearwater, works with healthcare leaders to safeguard their patients’ health, health information, corporate capital and earnings through the creation and development of strong proactive privacy and information/cyber risk management programs. He is a member of the AHLA, ISC2 and ISACA, is an HCISPP, and holds an ITIL Foundation Certification.
11:00 am
Transition Break
MINI SUMMIT GROUP I: 11:15 am – 12:15 pm
Mini-Summit I: Update on OCR HIPAA Policy
11:15 am
Welcome, Introductions, Presentations and Q&A
Marissa Gordon-Nguyen, MPH, JD
Senior Advisor for HIPAA Policy, Office for Civil Rights, US Department of Health and Human Services, Washington DC
Marissa Gordon-Nguyen is the Senior Advisor for HIPAA Policy in the Office for Civil Rights (OCR), U.S. Department of Health and Human Services (HHS). In this role, she leads the implementation of HIPAA privacy and security policies through rulemaking initiatives and the development of sub-regulatory guidance. She also advises federal agencies, advisory committees, and Congressional offices on aspects of the HIPAA Rules and their underlying privacy principles, among other responsibilities. Marissa joined OCR in 2009 to work on health information privacy policy.
Timothy Noonan, JD
Acting Deputy Director for Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
Timothy Noonan is the Acting Deputy Director for Health Information Privacy, at the Office for Civil Rights (OCR), United States Department of Health and Human Services. The Health Information Privacy Division enforces the HIPAA Rules through investigations, rule-making and guidance, and outreach to the regulated community and to the public. Tim joined OCR as the Southeast Regional Manager in November 2013. Previously, Tim also served in OCR headquarters for approximately 1 ½ years as the Acting Associate Deputy Director for Operations and the Acting Director of OCR’s Centralized Case Management Operations. Prior to joining OCR, Tim was a Supervisory General Attorney for the U.S. Department of Education, Office for Civil Rights, and a shareholder in a Michigan law firm.
Dayna Nicholson, JD, MPH
Counsel, Davis Wright Tremaine LLP, Los Angeles, CA (Moderator)
As Counsel at Davis Wright Tremaine, Dayna Nicholson focuses her practice on health care-related matters, such as licensing and other regulatory compliance, peer review and credentialing, and corporate and medical staff governance. Her clients include hospitals, medical staffs, managed care organizations, medical groups, medical device retailers, and other health care providers. Dayna also has experience in patient information privacy issues, appeals of state-issued administrative penalties, Medicare and Medi-Cal certification, emergency care requirements, and litigation arising out of peer review matters.
Dayna has significant experience counseling health care organizations regarding operational issues and regulatory and litigation matters. She has reviewed or drafted numerous policies, rules and regulations, bylaws, and other procedural documents, and regularly assists clients in interpreting and following such guidance. In the area of credentialing and peer-review, she is well-versed in state, federal and accreditation requirements, as well as the roles, responsibilities, and concerns of an organization’s leadership.
Mini-Summit II: The Role of Blockchain Technology in Healthcare Privacy, Data Security and HIPAA Compliance
11:15 am
Welcome, Introductions, Presentations and Q&A
Tatyana Kanzaveli
Founder and Chief Executive Officer, Open Health Network; Resident Mentor, 500 Startups; Chief Executive Officer, TEDxBayArea; Former USSR Chess Champion, San Francisco, CA
Tatyana Kanzaveli has gone from programmer to senior executive to founder and CEO of a startup company over her 20-year career. She is recognized as a thought leader and mentor for her ability to guide Fortune 500 and startup companies through business challenges. She has worked for major companies like PricewaterhouseCoopers and Fujitsu and for startups in the early days of the Web. Today she is the founder and CEO of Open Health Network, a startup in the Big Data/Artificial Intelligence healthcare space. She is a mentor at 500Startups and Richard Branson Entrepreneurs Centre and serves on the board for private companies. Tatyana has been featured in the White House blog, spoken at the United Nations, and presented at the first White House Demo Day hosted by President Obama.
John Mattison, MD
Chief Medical Information Officer, Kaiser Permanente; Faculty, Singularity University, Pasadena, CA
John Mattison began his medical career at the UCSD and Scripps Clinic, where he practiced in many clinical settings including emergency services, primary care, critical care, preventive medicine, hyperbaric medicine, trauma and helicopter medicine.
He joined the SCAL region of Kaiser-Permanente in 1989, and was appointed as Assistant Medical Director and Chief Medical Information Officer (CMIO). He directed the largest and first deployment of KP HealthConnect, Kaiser-Permanente’s revolutionary program to improve the quality and safety of healthcare through the use of information technology. He is now the Chief Medical Information Officer and is on the faculty of Singularity University.
John is an active spokesman and proponent for international health data standards and was the founding visionary for the international XML standards for health record exchange resulting in the Clinical Document Architecture (CDA) and the Continuity of Care Document (CCD).
Iliana Peters, JD, LLM
Shareholder, Polsinelli; Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Moderator)
Iliana L. Peters is a shareholder for Polsinelli, PC. For more than twelve years, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations, as both the Senior Advisor for HIPAA Enforcement for over six years, and as Acting Deputy Director for HIPAA. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. She is excited to bring her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance to a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.
Mini-Summit III: Performing Effective HIPAA Risk Assessments; Dos and Don’ts & Security Risk Analysis — By the Book
11:15 am
Performing Effective HIPAA Risk Assessments; Dos and Don’ts
Matthew Farry
Senior Security Specialist, GreyCastle Security, Troy, NY
Matt Farry is a Security Specialist at GreyCastle Security with over 10 years of experience in information protection assessments and controls implementation. At GreyCastle, Matt specializes in organizational risk assessments and remediation guidance based on industry standards and regulations including NIST SP800-53, ISO 27002, HIPAA, FERPA, PCI, and others.
11:45 am
Security Risk Analysis — By the Book
Steve Cagle, MBA
Chief Executive Officer, Clearwater Compliance, Executive Chairman, CMP Pharma, New York, NY
Steve Cagle is the CEO and a board member of Clearwater, a leading provider of healthcare cyber risk management and HIPAA compliance solutions. Mr. Cagle is responsible for leading Clearwater’s strategic growth plan and for management of the company’s overall operations. He has extensive experience leading, innovating, and scaling healthcare and technology businesses, including having guided a number of companies through critical transformation periods. Formerly, Mr. Cagle was president and CEO of Moberg Pharma North America. Prior to its acquisition by Moberg AB, Mr. Cagle was president and CEO of Alterna LLC. Previously, Mr. Cagle was a principal and executive team member of Sparta Systems, Inc. Mr. Cagle serves as the executive chairman of CMP Pharma where he has guided its transformation to an institutionally owned specialty pharmaceutical company.
Mini-Summit IV: GDPR and New California Privacy Law Update
11:15 am
GDPR and New California Privacy Law Update
Andrew Clearwater, CIPP/US, LLM
Director of Privacy, OneTrust, Portland, ME
Andrew Clearwater serves as Director of Privacy at OneTrust. Mr. Clearwater is a Certified Information Privacy Professional (CIPP/US), holds an LLM in Global Law and Technology and is a licensed attorney. In his role as Director of Privacy, Clearwater provides counsel, leadership, and guidance on data protection. He is also responsible for providing public policy analysis in the areas of privacy, data security, information policy, and technology transactions.
Before joining OneTrust, Mr. Clearwater was the Privacy Officer for RxAnte. Clearwater also held privacy roles at the Future of Privacy Forum, as well as the Network Advertising Initiative. In addition, he made contributions to the NTIA mobile application transparency discussion, helped launch a privacy seal program for companies that use consumer energy data, participated as a member of the W3C Tracking Protection Working Group, and taught as an adjunct professor of privacy and technology law at the University of Maine.
Daniel F. Gottlieb, JD
Partner and Co-leader, Global Privacy and Cybersecurity Practice, McDermott Will & Emery, Chicago, IL
Daniel Gottlieb is a Partner and Co-leader in the Global Privacy and Cybersecurity Practice at McDermott Will & Emery. He counsels a wide range of health care industry clients. Daniel advises health care industry clients in all aspects of software licenses and other agreements for the acquisition of electronic health record (EHR) systems, enterprise resource planning systems, enterprise data warehouses and other mission-critical health IT. Daniel also counsels health care clients regarding compliance with HIPAA and other federal and state privacy, security and breach notification laws, as well as compliance with Medicare and Medicaid reimbursement, fraud and abuse laws, PhRMA’s Code on Interactions with Health Care Professionals and AdvaMed’s Code of Ethics on Interactions with Health Care Professionals.
Kate Heinzelman, JD
Counsel, Sidley Austin LLP; Former Deputy General Counsel, US Department of Health and Human Services; Former Special Assistant and Associate Counsel to President Barack Obama, Washington, DC
Kate Heinzelman is a member of the Privacy and Cybersecurity, Healthcare, and Commercial Litigation groups at Sidley Austin. Her practice focuses on compliance counseling, incident-response, investigations, and regulatory matters in privacy/cybersecurity and healthcare. Before joining Sidley, Kate was Deputy General Counsel at the Department of Health & Human Services. Before joining the Department of Health & Human Services, Kate worked in the White House Counsel’s Office as Special Assistant and Associate Counsel to President Barack Obama. In this role, she advised the President and his Administration on national security, privacy and technology, energy, and environmental matters. Kate also served as Counsel to the Assistant Attorney General for National Security at the Department of Justice. Kate served as a law clerk to Chief Justice John G. Roberts, Jr. on the U.S. Supreme Court and Judge Merrick Garland on the U.S. Court of Appeals for the D.C. Circuit.
12:15 pm
Networking Luncheon and Presentations
MINI SUMMIT GROUP II: 12:30 pm – 1:30 pm
Mini-Summit V: The Privacy Threat Spectrum
12:30 pm
Welcome, Introductions, Presentations and Q&A
Nick Culbertson
Co-founder and Chief Executive Officer, Protenus, Baltimore, MD
Nick Culbertson is the Co-Founder and CEO of Protenus, a leading healthcare compliance analytics platform. Nick is an eight-year U.S. Army veteran and completed his service as a highly decorated U.S. Special Forces operator (Green Beret). He was awarded two Bronze Star medals during his service, one for extraordinary valor. While serving in the U.S. Army, Nick specialized in human intelligence network gathering and analysis. He used this expertise in building behavioral profiles to co-found Protenus, which protects the data of patients at top health systems in the country from insider threats. In 2018, Protenus was named one of The Best Places to Work in Healthcare by Modern Healthcare Magazine, and one of the Best Places to Work in Baltimore by the Baltimore Business Journal. Nick speaks about leadership, entrepreneurship, and health data privacy at leading healthcare and investment conferences.
Mini-Summit VI: How to Respond to a Ransomware Attack
12:30 pm
Welcome, Introductions, Presentations and Q&A
John Boles
Principal, PricewaterhouseCoopers Advisory Services, LLC, Atlanta, GA
John Boles is a Principal in PricewaterhouseCoopers’ Incident and Threat Management practice. His experience from over 27 years in federal law enforcement, national security, and cyber operations has given him a unique perspective on cyber security and risk.
John served in the FBI for over 20 years, conducting and leading investigations around the world, including cyber, fraud, terrorism, and violent crimes. As Deputy Assistant Director, in charge of FBI Cyber Operations, he oversaw the federal response to many of the more notorious cyber attacks in recent memory. He advised the White House and National Security Council on cyber-related issues and policies and has testified before Congress on cyber-crime issues. John also led the National Cyber Investigative Joint Task Force, a 19-agency team of US and allied intelligence agencies dedicated to national security investigations and response. He finished his career as Assistant Director. Prior to joining PwC, John led Navigant/Ankura’s global incident response.
Nicholas Heesters, JD, CIPP
Health Information Privacy and Security Specialist, Office for Civil Rights, US Department of Health and Human Services; Former MIS Director, Delaware River and Bay Authority; Former Vice President, Technology Infrastructure, JP Morgan Chase, Washington, DC
Nicholas Heesters is Health Information Privacy Security Specialist, HIP Division in the Office for Civil Rights (OCR), U.S. Department of Health and Human Services (HHS). He is a certified information privacy professional with over 25 years of experience supporting technology and information security efforts in many diverse industries including financial services, government, defense, education and healthcare. Currently, Mr. Heesters works for the U.S. Department of Health and Human Services Office for Civil Rights supporting HIPAA compliance and enforcement activities.
Adam Greene, JD, MPH
Partner and Co-chair, Health Information and HIPAA Practice, Davis Wright Tremaine LLP; HIPAA Summit Distinguished Service Award Winner; Former Senior Health Information, Technology and Privacy Specialist, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Moderator)
Adam Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. Adam primarily counsels health care providers, technology companies, and financial institutions on compliance with health information privacy, security, and breach notification rules. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, Adam was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Adam has been recognized as one of the top ten influencers in health information security, one of the top 50 healthcare IT experts, and is a frequent speaker and author on health information privacy and security issues.
Mini-Summit VII: HIPAA and Artificial Intelligence (AI) in Healthcare & Practical Cybersecurity for Medical Device Applications
12:30 pm
HIPAA and Artificial Intelligence (AI) in Healthcare
Rebecca L. Williams, RN, JD
Partner and Chair, Health Information Practice, Davis Wright Tremaine LLP, Seattle, WA
Rebecca Williams is a nationally recognized authority on HIPAA, health information privacy, and data breach response. As a registered nurse with hands-on experience in hospital and other health care environments, she brings a practical perspective to her practice. From initial development of HIPAA compliance programs to one-off questions to government investigations, Becky works with HIPAA covered entities and business associates to safeguard health information while keeping their businesses running efficiently. Becky’s clients include: health care providers; financial institutions and payment processors; cloud service providers; business associates; AI and technology developers; and health plans and plan sponsors. Becky is a frequent national speaker, is an author of numerous publications, including a contributing author of the HIPAA Portability, Privacy & Security Manual, published by the Employee Benefits Institute of America (a Thomson Reuters imprint), and regularly is quoted in the media.
1:00 pm
Practical Cybersecurity for Medical Device Applications
Rob Theriot, MBA, CISA, CRISC, GISP
Director of Security Services, TraceSecurity, Baton Rouge, LA
Rob Theriot is the Director of Security Services at TraceSecurity, and feels the practice of making users more safe and secure with their personal data and transactions is extremely important in business. He has spent much of his career in the Financial Services industry, working with both large and small financial institutions across the country. His passion lies in the optimization of processes to ensure the security of an organization, and to optimize the way they comply with regulations. At TraceSecurity Rob oversees a team of computer security specialists dedicated to providing analysis of their customers’ infrastructure, which allows them to provide a more safe and secure environment for their customers. Their work centers around the NIST frameworks, with implications in Healthcare, Finance, and other industries.
Mini-Summit VIII: Data is Worth More Than Gold & NIST CsF = Standard for HIPAA Compliance + Cybersecurity
12:30 pm
Data is Worth More Than Gold: Why Focusing on HIPAA May Be Your Biggest Mistake
Mike Semel, CHSP, CBCP, CHA, CSCS
President and Chief Security Officer, Semel Consulting, LLC; Former Vice President, Business Continuity and Compliance, Connecting Point of Las Vegas; Former Chief Information Officer, Schuyler Hospital, Las Vegas, NV
Mike Semel is a noted thought leader, speaker, blogger, and the best-selling author of How to Avoid HIPAA Headaches. Mike has spoken to many audiences including the medical team at the Kennedy Space Center and the New York State Cyber Security conference. He is the President and Chief Security Officer of Semel Consulting, focused on HIPAA and other regulations; cyber security; and Business Continuity planning. Mike is a Certified Business Continuity Professional through the Disaster Recovery Institute, a Certified HIPAA Professional, Certified Security Compliance Specialist, and Certified Health IT Specialist. He has owned or managed technology companies for over 30 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company.
1:00 pm
NIST CsF = Standard for HIPAA Compliance + Cybersecurity
Uday O. Ali Pabrai, MSEE, CISSP
Chief Executive and Co-founder, ecfirst (Home of HIPAA Academy), Irvine, CA
Ali Pabrai is the CEO of ecfirst. A highly sought-after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudi Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.
1:30 p.m.
Transition Break
MINI SUMMITS: GROUP III: 1:45 pm – 2:45 pm
Mini Summit IX: Personal Health Information Beyond HIPAA Protection: Who Is Regulating Its Privacy? Who Should, and How?
1:45 pm
Welcome, Introductions, Presentations and Q&A
Tina Grande, MHS
Senior Vice President, Policy and Chair, Confidentiality Coalition, Healthcare Leadership Council, Washington, DC
Tina Grande is Senior Vice President for Policy for the Healthcare Leadership Council (HLC). Ms. Grande oversees all policy-related matters pertaining to delivery systems, payment reform, health information technology, patient safety, and healthcare quality. She is also the Chair of the Confidentiality Coalition. Ms. Grande was a Policy Director at HLC in the late 1990s. She also served as Vice Chair of the Health Data Consortium’s Policy Committee. Prior to leading HLC’s policy efforts, Ms. Grande was Health Policy Director for Arnold & Porter LLP. Early in her career, Grande launched the Medicare Advisory Group, Inc. Ms. Grande launched her career in health policy working in the U.S. Senate for Senator David Durenberger (R-MN). From there she went on to work as a researcher for the Health Care Advisory Board, health policy analyst for Patton Boggs LLP, and research director at the Institute for the Future in California.
Nancy L. Perkins, MPP, JD
Counsel, Arnold & Porter, Washington, DC
Nancy Perkins, of Arnold & Porter LLP, advises clients on federal, state, and global data privacy law, particularly HIPAA and the HITECH Act. Nancy also assists clients on data security issues raised by mobile applications and other emerging technologies, and in responding to data security breaches. Ms. Perkins is the author of numerous articles on data privacy and security, is an Adviser on the American Law Institute’s forthcoming Principles of the Law, Data Privacy, and has been ranked for Privacy & Data Security by Chambers USA since 2009.
Mini-Summit X: Cutting through the Noise: Determining Whether your Vendor’s Security Incident is a Breach
1:45 pm
Welcome, Introductions, Presentations and Q&A
Mark Fox, CHC, CHPC, CHRC
Compliance and Privacy Officer, American College of Cardiology, Miami, FL
Mark Fox currently serves as the Privacy and Research Compliance Officer of the American College of Cardiology. Mark is responsible for oversight of the College’s privacy infrastructure and all areas of research compliance. Mark has overseen the development of the privacy infrastructure for the National Cardiovascular Data Registry. Prior to ACC, Mark worked for MedCath as an Implementation Specialist overseeing the standardization of systems for Performance Improvement, and Risk Management for thirteen acute care hospitals. Mark has both clinical experience as an Emergency Medical Technician and data management experience. He currently holds certifications in Healthcare Compliance, Healthcare Privacy Compliance, and Healthcare Research Compliance.
David Holtzman, JD, CIPP
Executive Advisor, CynergisTek, Inc.; Former Senior Adviser for HIT and the HIPAA Security Rule, Office for Civil Rights, US Department of Health and Human Services, Austin, TX
David Holtzman is an Executive Advisor for CynergisTek. He is considered a subject matter expert in health information privacy and compliance issues. David is a sought-after public speaker, commentator and contributor regarding compliance and enforcement of health information privacy in the health care industry. Prior to CynergisTek, Holtzman served as a senior advisor for health information technology and the HIPAA Security Rule at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS). Prior to joining HHS, David was the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.
Thora A. Johnson, JD
Partner and Co-chair, Health Care Initiative, Venable, LLP, Baltimore, MD
Thora Johnson chairs Venable’s Healthcare Initiative. She provides counsel on regulatory, compliance, tax, and business matters impacting healthcare providers, hospitals, continuing care retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including HIPAA privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. Thora has extensive experience in health and welfare plan compliance, including the regulatory requirements of ERISA, the Internal Revenue Code, federal and state healthcare coverage continuation laws, the Mental Health Parity and Addiction Equity Act, Genetic Information Nondiscrimination Act, the regulations under the Americans with Disabilities Act (ADA) applicable to employer wellness programs, and the ACA.
Mini-Summit XI: Research Data Governance & Vendor Management in the Era of Big Data and Machine Learning
1:45 pm
Research Data Governance: Best Practices and Case Study
William J. Roberts, JD
Partner, Shipman & Goodwin LLP, North American Privacy Lead, Interlaw, Hartford, CT
William Roberts is the Chair of Shipman & Goodwin LLP’s Privacy and Data Protection Practice. He focuses his practice at the intersection of privacy, technology and the law, with a particular emphasis on the health care and insurance sectors.
Tracey Scraba, MPH, JD
Vice President and Chief Privacy Officer, CVS Health, Former Vice President and Chief Privacy Officer, Aetna, Hartford, CT
Tracey Scraba is the Vice President, Chief Privacy Officer at CVS Health. She has enterprise-wide responsibility for CVS Health’s privacy program including daily operations of the privacy office, development and implementation of privacy policies and procedures, monitoring privacy compliance, information governance, incident investigation and breach response and providing privacy and security legal support.
Prior to joining CVS Health, she was the Chief Privacy Officer at Aetna. She also served as Senior Privacy and Security Counsel, Behavioral Health Counsel and Counsel for National Accounts Retiree programs. Prior to her work at Aetna, Tracey worked at the law firm of Robinson & Cole in their health law practice.
Tracey is also a graduate of the Higher Ambition Leadership Institute (HALI), a year-long multi-session program that provides leaders the opportunity to develop their capabilities, as well as contribute to the advancement of their company’s mission and purpose.
2:15 pm
Vendor Management in the Era of Big Data and Machine Learning
Daniel Fabbri, MS, PhD
Founder and Chief Executive Officer, Maize Analytics Inc.; Assistant Professor, Vanderbilt University, Nashville, TN
Daniel Fabbri is an Assistant Professor of Biomedical Informatics and Computer Science at Vanderbilt University. His research focuses on machine learning applied to electronic medical records, clinical data and data privacy. Dr. Fabbri is also the Founder and CEO of Maize Analytics. Dr. Fabbri’s research has been sponsored by the National Science Foundation, National Institutes of Health and U.S. Department of Defense. He has been an invited speaker at the HHS Safeguarding Health Information Conference (2013), the National Academy of Medicine Digital Learning Collaborative (2017), and HHS “Data Min(d)ing: Privacy and Our Digital Identities” (2018). His research on machine learning in healthcare and data privacy has been published in JAMA Internal Medicine, the Journal of the American Medical Informatics Association, Journal of Pediatrics, International Journal of Medical Informatics, and multiple other computer science proceedings.
2:45 p.m.
Break
AFTERNOON PLENARY SESSION
3:15 p.m.
Welcome, Introductions and the Long and Winding Road towards Federal Privacy Legislation
Kirk J. Nahra, JD
Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale, Washington, DC (Co-Chair)
Kirk J. Nahra is a partner with Wiley Rein LLP in Washington, D.C., where he represents companies in a broad range of industries in connection with privacy and data security laws and regulations across the United States and globally. He is chair of the firm’s Privacy Practice and co-chair of its Health Care Practice.
He is a nationally recognized expert on privacy and data security laws related to the health care and insurance industries. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally.
He serves on the Board of Directors of the International Association of Privacy Professionals and as the editor of Privacy Advisor. He is a Certified Information Privacy Professional and serves on the Advisory Board for the Health Law Reporter, the Privacy and Security Law Report and the Health Care Fraud Report.
4:00 p.m.
ONC Privacy and Security Policy Update
Donald Rucker, MD
National Coordinator for Health Information Technology, US Department of Health and Human Services; Former Chief Medical Officer, Siemens Healthcare, Washington, DC
Dr. Don Rucker is the National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services, where he leads the formulation of the federal health IT strategy and coordinates federal health IT policies, standards, programs, and investments. Dr. Rucker has three decades of clinical and informatics experience. He started his informatics career at Datamedic Corporation, where he co-developed the world’s first Microsoft Windows-based electronic medical record. He then spent over a decade serving as Chief Medical Officer at Siemens Healthcare USA. Dr. Rucker has also practiced emergency medicine for a variety of organizations including at Kaiser in California; at Beth Israel Deaconess Medical Center; at the University of Pennsylvania’s Penn Presbyterian and Pennsylvania Hospitals; and, most recently, at Ohio State University’s Wexner Medical Center.
4:30 p.m.
Health Plans are Covered Entities Too! Best Practices for Compliance and Policy Integration
Kristen Erbes, CIPP/US
Chief Privacy Officer, Cambia Health Solutions, Portland, OR
Kristen Erbes has over 12 years of compliance experience in both the private and public sectors. For more than 6 years she has been the Chief Privacy Officer at Cambia Health Solutions, which includes six health insurance plans that serve members throughout the Pacific Northwest as well as a number of direct health solutions companies.
Deidre Rodriguez, MS, CIPP/US
Staff Vice President, Privacy and Compliance, Anthem; Co-Chair, Privacy and Security Workgroup, WEDI, Denver, CO
Deidre Rodriguez is the Staff VP of Privacy and Compliance for Anthem, Inc. (parent company of Anthem BCBS). Deidre has been with the company for 15 years. Deidre has over 30 years of healthcare experience, 25 years of compliance experience and 20+ years of privacy experience.
Tabatha George, JD
Partner, The Benefits Group, LLC, New Orleans, LA (Moderator)
Tabatha George is a partner at The Benefits Practice, LLC and a graduate of Harvard College and Harvard Law School. She works with companies throughout the country to bring their benefit programs into compliance with the ACA, HIPAA, ERISA, GINA, the ADA, the Tax Code, and state laws. She advises on compliance for health plans, wellness plans, retirement plans, and any other employee benefit a company might dream up. Tabby has particular experience in the areas of healthcare reform and health information privacy. Tabby also conducts HIPAA audits, prepares HIPAA privacy and security policies, responds to breach situations, and conducts HIPAA training and risk assessments for health plans. In addition, Tabby represents companies in private and agency audits of health and retirement plans and consults on all compliance matters relating to employer-sponsored benefits.
5:15 p.m.
Compliance Concerns for New Business Associates, including Technology Vendors
Anne Kimbol, JD, LLM, CIPP/US, CHPC
Assistant General Counsel and Chief Privacy Officer, HITRUST; Former General Counsel, Texas Health Services Authority, Frisco, TX
Anne Kimbol is the Assistant General Counsel and Chief Privacy Officer for HITRUST. In this role, she works on legal issues for the company and leads the company’s efforts in the areas of privacy and related policy.
Chris Wargo, MBA
Managing Partner, Infolock, Washington, DC
Chris Wargo is the Managing Partner of Infolock, a data advisory consulting firm based in Arlington, VA. Overseeing sales, marketing, and business development activities of the firm, Chris has been integral in the development of key strategic alliances that have accelerated Infolock’s growth, and his leadership has helped transform Infolock into one of the region’s leading data governance consulting firms. Prior to co-founding Infolock, Chris held management roles in the financial services and staffing industries, leading teams in both sales and operations. Chris is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA), and a Board Member of the Virginia Chapter of HIMSS.
Shane Whitlatch, MBA
General Manager, Healthcare, FairWarning, Inc., Saint Petersburg, FL
At FairWarning®, as the General Manager for the Healthcare business, Shane Whitlatch is responsible for oversight and management of all aspects of the healthcare business – the core business of FairWarning. Since joining FairWarning® in 2008, the customer community has grown from 20 to over 350 enterprise customers across 6 countries. Prior to FairWarning®, Mr. Whitlatch held multiple executive roles in high growth software companies including OpenNetwork Technologies (acquired by BMC), LifeServ Technologies (acquired in 2004), and Pyxis (acquired by Cardinal Health, now CareFusion). Shane is also the co-founder and a founding judge in the Next Generation Entrepreneurship program in partnership with the Pinellas Education Foundation, a program designed to identify, encourage and educate high school students in the skills required to create their own businesses. Shane is an active member of the Tampa Bay community, and serves as a director on numerous community and faith-based organizations.
Iliana Peters, JD, LLM
Shareholder, Polsinelli; Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC (Moderator)
Iliana L. Peters is a shareholder for Polsinelli, PC. For more than twelve years, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations, as both the Senior Advisor for HIPAA Enforcement for over six years, and as Acting Deputy Director for HIPAA. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. She is excited to bring her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance to a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.