Agenda – Day 2

Reg Harnish is the CEO of GreyCastle Security, a leading cybersecurity risk assessment, advisory and mitigation firm headquartered in Troy, New York.
As CEO of GreyCastle, Reg is responsible for defining and executing the company’s vision. Under his leadership, the company has experienced six consecutive years of triple-digit growth and countless industry accolades. Today, GreyCastle Security is working with organizations in nearly every state in the U.S.

Reg is a nationally-recognized speaker and has presented at countless industry events. He was recently recognized as the 2017 Cybersecurity Consultant of the Year by the Cybersecurity Excellence Awards and he has been featured in Time, Forbes, CBS Nightly News, The Washington Post, Dark Reading and others.

Reg is a member of the Forbes Technology Council and a fellow of the National Cybersecurity Institute in Washington, DC.

Jana Aagaard is specializes in health care law, with emphases in health information privacy and technology and clinical research. Since 2002, she has worked for Dignity Health (formerly named Catholic Healthcare West) both as in-house counsel and of counsel. Dignity Health is the largest nonprofit health system in the western United States, with 39 hospitals in California, Arizona and Nevada. Ms. Aagaard is currently the lead attorney at Dignity Health for all health privacy issues; she advises Dignity Health on all aspects of state and federal health information privacy compliance requirements, health information exchange, the federal Electronic Health Record Incentive Program (“Meaningful Use”) and emerging health technologies.

Ms. Aagaard was an associate at Luce, Forward, Hamilton & Scripps in San Diego, CA before becoming in-house counsel at Sharp Healthcare (San Diego) in 1999.

Gayland Hethcoat is the Corporate Counsel – Operations at Dignity Health. Prior to joining Dignity Health, he was a Healthcare Associate with Barnes & Thornburg LLP. His past experience also includes an externship with McDermott Will & Emery and a judicial internship for the Honorable Leslie B. Rothenberg on the Florida Third District Court of Appeal.

Aftin Ross is a senior science health advisor/senior project manager in the Emergency Preparedness/Operations and Medical Countermeasures program at the FDA’s Center for Devices and Radiological Health (CDRH). In this role, she leads cross-disciplinary projects related to preparedness including medical device cybersecurity, respiratory protective devices, personal protective equipment, and incident response. Specifically, she has been a lead in CDRH’s medical device cybersecurity efforts spearheading the execution of two FDA public workshops, serving on various interagency cybersecurity work groups, managing CDRH’s MITRE cybersecurity contract, and engaging in policy development as a member of the CDRH cybersecurity workgroup. In June 2016, she completed the National Preparedness Leadership Initiative, an executive education program in the Harvard School of Public Health and Kennedy School of Government.

Dana-Megan Rossi leads the Product Security Policy & Strategy program at Becton Dickinson. Her work focuses on strategic cyber initiatives, partnerships and intelligence to enhance the security of product to customers by design, in use and through partnership. Ms. Rossi previously served as the Product Security Officer for Technology Solutions and Digital Health at BD. Before joining BD, Ms. Rossi managed the product cybersecurity incident response program at GE. In this role, Ms. Rossi led incident response coordination and preparedness, including PSIRT and crisis-level cybersecurity response plans and processes, drafted and led tabletop exercises, and coordinated multi-stakeholder security responses. Prior to GE, Ms. Rossi created and led a cybersecurity law & policy forum for in-house counsel, bridging the gap between legal counsel and IT professionals in security preparedness. Ms. Rossi currently serves as the Health Care and Public Health Sector Chief for InfraGard’s National Capital Region and is a member of the national Cyber Health Working Group.

Sheetal is an information security leader with expertise in information security management, IT risk governance and management, cyber-security tools and techniques, audit and investigation of physical and information systems and networks, business continuity, security awareness education and metrics, data privacy and compliance.

Certified in Information Privacy, Information Systems Audit, Security and Risk Management and Healthcare Compliance (CIPP/US, CISA, CISSP, CRISC, GIAC GSEC and CHC), Sheetal also has numerous product-specific certifications. including expertise in NIST risk management, COBiT information assurance and HITRUST frameworks.

Sue Wang is a Technical Lead of the Healthcare Sector Team in the National Cybersecurity FFRDC, National Cybersecurity Center of Excellence (NCCoE) at NIST. She has more than 25 years of experience in System Development Life Cycle (SDLC) and project management including architecture design, development, implementation, quality control, and web application systems. She is a subject matter expert in information system interoperability, software assurance, secure programming, static analysis, and software weaknesses and vulnerability research.

At the NCCoE, she supports the healthcare sector lead in the overall technical direction of healthcare-related projects, designing and building reference solutions including securing wireless infusion pumps and electronic health records on mobile devices. She is also instrumental in defining future projects.

Bob Chaput is one of the healthcare cyber risk management industry’s most innovative leaders, accelerating cyber risk management best practices in a more reproducible and efficient way. Chaput’s risk management analyses and insights are frequently featured in the country’s top healthcare and cybersecurity publications, industry association journals and popular news sources. Chaput works with hospitals and health systems of all sizes, including over 40 of the top Integrated Delivery Networks in the country. Under Chaput’s direction, Clearwater helps healthcare organizations identify and understand their risks in an efficient, effective and granular manner. The results not only help defend against current cyber threats but also positions organizations to build capabilities for self-sufficiency to defend against future cyber threats. Most recently, under his leadership, Clearwater was designated as Best in KLAS for 2018 for Cybersecurity Advisory Services for their SaaS-based software, OCR-quality solutions and professional services.

David Loewy is the Chief Information Security Officer at SUNY Downstate Medical Center with experience Regulatory, IT Risk Management and IT Security Policies. Previously, he was HIPAA Privacy & Security SME & Program Manager at Cleardata and MedCPU and CNA Insurance and ICD-10 Program Director at Hartford HealthCare. He was also ICD-10 Program Director for Hartford HealthCare.

Dr. Loewy is on the Board of Directors for Cape Fear Group Homes. He has earned PhDs in Computer Science and International Business and is a Certified Project Director with over 15 years professional experience in the healthcare industry. Dr. Loewy is a subject matter expert on HIPAA, Meaningful Use and ICD-10 (US, EC & Asia)

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security +, CCSFP, is the CEO of ecfirst. A highly sought after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudia Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.

Tom Miller has over 20 years of experience in compliance program design, implementation and management. He has served as the Privacy and/or Security Officer for several public and private organizations. Tom has performed risk, threat, and vulnerability assessments and consultation for government and private entities across the nation and has developed response and mitigation plans to mitigate identified issues. He has served as the Privacy & Security Officer for the WV Department of Administration since early 2011 and has responsibilities over the regulatory compliance of the fifteen agencies within the Department including, but not limited to: the West Virginia Public Employees Insurance Agency, the WV Division of Personnel, the WV Consolidated Public Retirement Board, the WV Office of Technology, the WV Division of Finance, and the WV Public Employees Grievance Board. Tom has presented at numerous conferences and has taught on the undergraduate and graduate levels.

Cliff Baker is an industry leader in healthcare information technology, privacy and security, and has over 20 years of industry experience. In his dedication to the industry and passion to tackle many of its most challenging risks, Cliff has created solutions that are leveraged and used by organizations across the nation. He is the founder and CEO of two successful companies that provide information protection services to healthcare organizations including many of the nation’s leading provider, payer and business associate organizations. Cliff also led the creation the HITRUST framework, which is the most broadly adopted healthcare security and privacy framework in the industry. Cliff started his career with PricewaterhouseCoopers where he established and lead the firm’s first dedicated healthcare care security practice.

Tracy J. Griffin is a subject matter expert in healthcare compliance; specializing in privacy, security and information security risk management. Tracy has spent over 15 years working for multi facility healthcare systems. During her career, she has had the opportunity to serve in various leadership positions, be a founding leader of a new hospital and served as a subject matter expert in HIPAA compliance. Over the course of the past 7 years, serving as the Enterprise Director of Information Security Risk Management, Tracy has designed and implemented HIPAA auditing and Information Risk Management programs. She has a passion for ensuring that all emerging technologies that serve the organization’s patients are secure and compliant.

Alessandra Swanson is an Associate in Winston & Strawn LLP’s Chicago office. Ms. Swanson regularly counsels clients on all aspects of HIPAA compliance. She offers practical, business-focused advice for covered entities and business associates in a broad spectrum of industries to help them understand and meet their obligations under HIPAA. Prior to joining Winston, Alessandra spent five years with the U.S. Department of Health and Human Services–Office for Civil Rights (HHS-OCR). During her tenure with HHS-OCR, she was involved with a number of high-profile investigations and settlements.

Alessandra also dedicates a significant portion of her practice to providing advice on a range of other privacy, marketing, advertising, and intellectual property issues, with an emphasis on matters that implicate the collection, use, protection, and cross-border transfer of consumer information. Alessandra’s experience further extends to providing advice on software and mobile application development matters, end-user licenses, application service provider agreements, and software licensing matters.

Tina Olson Grande is Senior Vice President for Policy for the Healthcare Leadership Council (HLC), a coalition of chief executives of the nation’s leading healthcare companies and organizations. HLC advocates for consumer-centered health reform, emphasizing the value of private sector innovation. She is also Chair of the Confidentiality Coalition. Ms. Grande was asked back to HLC after a previous time at HLC as Policy Director in the late 1990s.

Prior to leading HLC’s policy efforts, Ms. Grande was Health Policy Director for Arnold & Porter LLP. Ms. Grande was founder of the Medicare Advisory Group, Inc.

Ms. Grande launched her career in health policy working in the U.S. Senate for Senator David Durenberger (R-MN). She was also a researcher for the Health Care Advisory Board, health policy analyst for Patton Boggs LLP, and research director at the Institute for the Future in California.

Nancy Perkins, of Arnold & Porter LLP, advises clients on federal, state, and global data privacy law, particularly HIPAA and the HITECH Act. Nancy also assists clients on data security issues raised by mobile applications and other emerging technologies, and in responding to data security breaches. A graduate of Harvard Law School and Harvard’s Kennedy School of Government, Ms. Perkins is the author of numerous articles on data privacy and security, is an Adviser on the American Law Institute’s forthcoming Principles of the Law, Data Privacy, and has been ranked for Privacy & Data Security by Chambers USA since 2009.

Katherine Downing is AHIMA’s Vice President Information Governance, Informatics and Standards. She has over 20 years of healthcare experience as a consultant, Director, Privacy Officer, Project Manager, and IT System Analyst. As a Director of Patient Health Information Protection at a hospital systems’ corporate office she led the creation of the Privacy Program for over 300 hospitals, surgery centers, and physician practices including training over 1000 privacy officers. She has expertise in Electronic Health Records and has worked with numerous sites during implementations and is a certified Project Management Professional (PMP).

Ms. Downing is an established speaker on diverse healthcare topics and an active author on information governance, security, privacy and legal health records. She is also an adjunct faculty member for the University of Cincinnati.

Joseph Kirkpatrick is the Managing Partner at KirkpatrickPrice and holds the CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, IT governance, and regulatory compliance. He enjoys helping clients and stakeholders by navigating them through the complex maze of compliance and regulatory requirements.