HIPAA Collaborative of Wisconsin 2015 Spring Conference April Showers Bring HIPAA-COWers! April 10, 2015 PROGRAM SUMMARY: 7:45-8:45 Registration & Continental Breakfast 8:45-9:00 Welcome & IntroductionsPresident Greg Margrett 9:00-10:15 Keynote– Byron Franz, FBI Milwaukee 10:15-10:45 Break-A chance to visit with our Exhibitors 10:45–12:00 Breakout Sessions Group 1Privacy/Security or EDI 12:00–1:00 Lunch-Networking with fellow attendees 1:00-2:15 Breakout Sessions Group 2 Privacy, Security or EDI 2:15-2:30 Break-A chance to visit with our Exhibitors 2:30-3:30 Breakout Sessions Group 3 Privacy, Security or EDI Our Spring Conference will Feature: Convenient online registration with the ability to pay via check or Pay Pal. Continued low registration rates of $125 for Early Bird (deadline March 20) and $150 thereafter. Very affordable hotel room rate of $89. Convenient location between Madison and Milwaukee on I94. Breakout sessions that will cover Privacy, Security & EDI topics. Continuing Legal Education (CLE) Credits: This entire program has been approved for 4.0 General Wisconsin CLE Credits!! View approval HERE. HOTEL ROOM RESERVATIONS: EVENT LOCATION: For reservations made by Friday, March 20th, the room rate for Thursday evening is $89* 1350 Royale Mile Rd. Oconomowoc, WI 53066 Directions: Take I94 to Exit #282 (Hwy 67). Go north on Hwy 67 for 1.5 miles. Olympia Resort will be on the left. (After that date, availability & rate can’t be guaranteed). Make Reservations by: Phone: Call Olympia directly at 1(262)369-4999. Then request a room in the HIPAA COW Block. Olympia Resort or Online: HERE Then enter Promo code HIPAA *Rates are subject to state and local taxes. *$89 rate also available Wednesday and Friday. Registrations for all HIPAA COW events are taken ONLINE ONLY! Please go to our website hipaacow.org. Then, go to the Events Page for complete details and to register online. HIPAA 101 Education Materials: Our website has materials specifically designed to provide an introduction to HIPAA basics. These materials may be especially beneficial to individuals new to HIPAA. If you have a limited understanding of HIPAA, we recommend you view these prior to attending our conference, as our sessions tend to be more advanced. These materials are available on our website resources page: http://hipaacow.org/resources. Questions? [email protected] or (651)340-6426 Organizations that helped promote this Conference: HFMA WEDI WHA WHIMA We thank them for their support! We’ve Gone Green: In an effort to reflect the environmental changes going on around us, session handouts will no longer be printed but they will be made available prior to the conference so attendees can download the handouts to their mobile devices or print their own handouts should they choose to do so. An email with a link to the handouts will be sent to all registered attendees a few days prior to the event. Keynote Session - Insider and Cyber Threats to Healthcare Session 102(EDI): The HIPAA-mandated CAQH CORE Operating Rules – What’s on the Horizon? This session will describe the massive ongoing threat to U.S. businesses and academic institutions from malicious computer intrusions, cyber attacks, and the theft of “trade secrets,” those nuggets of intellectual property that drive innovation and business activity. Recent federal prosecutions in the State of Wisconsin will be used as examples, with two of these directly affecting the healthcare industry. The growing threat posed by illegal access to Internet-connected medical devices will be discussed. Mitigations to these threats will be suggested along with the role of the FBI in helping organizations defend against them. This session will provide a high level overview of the third set of the ACA required operating rules currently in development by CAQH CORE as Phase IV CAQH CORE Operating Rules. These Operating Rules will address the remaining HIPAA-mandated ASC X12N specifications for claims (837), health care services review aka prior authorization (278), benefit enrollment and maintenance (834) and health plan premium payment (820). A special focus will be on the draft Phase IV Connectivity and Claim Infrastructure rules which will be completing the CAQH CORE rule development and approval process in Q1 2015. Given that these draft Phase IV CAQH CORE Operating Rules build upon and extend requirements from the Phase I, II and III CAQH CORE Operating Rules for eligibility, claim status, EFT and ERA, which have already been mandated by ACA, the session will provide a brief review of the industry’s implementation challenges and learnings. Byron Franz, Special Agent, FBI Milwaukee Byron Franz is a Special Agent with the Federal Bureau of Investigation (FBI) and has worked national security investigations for over 17 years. Earlier in his career, he served as an FBI SWAT Team operator and led the investigation of an Indiana man who was convicted of working as an agent of Saddam Hussein’s intelligence service. Special Agent Franz currently serves as the Coordinator for the FBI’s Strategic Partnerships and InfraGard programs in the State of Wisconsin, where it is his responsibility to foster public-private partnerships between government agencies, universities, and corporations, including Wisconsin’s healthcare providers, to better safeguard those organizations against computer intrusions and economic espionage. Special Agent Franz was educated in Wisconsin, having received his B.A. (Russian and International Relations) and law degree from the University of Wisconsin-Madison, and being a graduate of St. Francis High School. Session 101(Privacy/Security): Privacy Training: Tips, Tricks and Case Studies In this session: 1. Attendees will learn how to: Explain the laws non-legalistically Give actionable and pragmatic privacy examples and instructions Empower, motivate and scare (just a little) a diverse health care audience 2. A variety of Case Studies will be provided Rachel Foerster, Rachel Foerster & Associates, Ltd Rachel Foerster is the CEO of Rachel Foerster & Associates, Ltd. in Beach Park, Illinois, an independent consulting practice founded by her in 1993, dedicated to assisting the health care industry with the transition to Electronic Commerce. She is also a Senior Consultant with Boundary Information Group headquartered in Denver. Rachel is a key consultant for CAQH CORE ®, providing subject matter expertise and staff support since its launch in 2004. In this role she has represented CAQH CORE in several important health care health information technology efforts . Rachel is well known within the health care EDI arena due to her leadership positions in several industry organizations, including over 20 years designing, developing and implementing a variety of proprietary and standards-based EDI systems to support hospitals, distributors, manufacturers and other organizations for online, batch and interactive electronic information exchange. Specific areas of focus included HIPAA, materials management and financial EDI implementations. Thank you to our 2015 HIPAA COW Sponsors: GOLD: Daniel Weissburg, University of WI Hospital and Clinics Dan Weissburg has been the Compliance and Privacy Officer at University of Wisconsin Hospital and Clinics (UWHC) in Madison since 2007. Included among his responsibilities at UWHC are directing the Privacy/Security Breach Investigation Team and leading “snoop”, “blab” and “mix-up” investigations. Dan lectures before and educates thousands of employees on privacy issues each year. He has practiced healthcare law for 24 years, previously with firms in Washington DC and Chicago. He is widely published and was previously the Editor-in-Chief of the CCH Healthcare Compliance Portfolio. Dan's law degree is from George Mason University School of Law, and he earned a BA in Political Science and History from UW-Madison, where he was president of the Order of Omega. He lives in Middleton with his wife, has two sons in college, and spends his free time spoiling his Labradoodle, Wrigley. SILVER: BRONZE: Cancellation Policy: HIPAA COW reserves the right to substitute faculty or cancel or reschedule programs due to low enrollment or other unforeseen events. If, for any reason, HIPAA COW must cancel this program, registrants will receive a full refund of the registration fee (or a credit to be used for a future HIPAA COW event). Should you be unable to attend, a refund, less a $25 processing fee, will be given for cancellations received 72 hours prior to the event. There will be no refund given if notice is given less than 72 hours prior (even if weather related). Substitutions can be made anytime before the start of the event. Session 201(Privacy): HIPAA Harmonization - One Year Later It’s been a year since Wisconsin harmonized the State’s mental health privacy laws with HIPAA. Since then, healthcare providers have been working to change internal policies related to the privacy of mental health records. This session will focus on: The benefits: greater continuity of care between mental health providers and primary care providers The barriers: changing providers understanding of confidentiality requirements, addressing patient expectations, and EMR challenges. Sarah Coyne will provide a legal overview. Nancy Schallert, Executive Director of Compliance at Froedtert Health, and Kirk Yauchler, Manager of Behavioral Health at ProHealth Care, will discuss the logistical aspects of implementing the new law. Sarah Coyne, Quarles & Brady, LLP Sarah Coyne is national chair of the health law group at Quarles & Brady LLP, and has an active practice advising hospitals on all regulatory issues with a focus on health information issues. Sarah was named Health Law Attorney of the Year for 2011 by the Wisconsin Bar Association. She holds a Martindale-Hubbell AV Peer Review rating, has been listed in The Best Lawyers in America every year since 2009, was selected as a 2013 Leader in the Law by the Wisconsin Law Journal and this year was named as a SuperLawyer in health law. She teaches a Health Law class at the University of Wisconsin Law School. Nancy Schallert, Froedtert Health Nancy Schallert is currently the Executive Director of Corporate Compliance and Internal Audit for Froedtert Health. She has more than 20 years of experience in healthcare serving in a variety of roles in different healthcare settings, including health information management, revenue cycle consulting, information technology consulting, JCAHO preparation, privacy, regulatory compliance, research compliance, and internal audit. Kirk Yauchler, ProHealth Care Kirk Yauchler has worked in hospital and clinic-based behavioral health services since 2000, and has managed behavioral health operations for the past 3 years. He has been with ProHealth Care since 2006, and currently oversees the Outpatient and Assessment & Referral behavioral health departments. Over the past year he has participated in the WI Epic User Group’s webinar discussions on the topic of HIPAA Harmonization, as well as PHC’s internal workgroup on implementing HIPAA Harmonization. Session 202(Security): Audit Logging Panel Who wants to do a privacy/security audit? The answer of course is that no one ever wants to but sometimes we have to. We will present some case studies and suggest what is needed, what is useful, and what is not. IT Staff needs to work with privacy and compliance staff to provide the detail needed to protect our patients. Audits can also involve legal staff in case a violation has taken place. As a panel, we will share ideas on how this cooperation can happen. (Cont’d next column) Vendors featuring HIPAA-related products and services will be on site. Moderator: Jim Sehloff, CareTech Solutions Jim Sehloff currently serves as the Security Officer for CareTech Solutions at Holy Family Memorial Health in Manitowoc, Wisconsin, and has been involved with HIPAA security since the advent of the security rules. In his role, Jim oversees both privacy and compliance audits for Holy Family, including “reactive” audits performed following patient requests as well as “proactive” audits to ensure HIPAA compliance. He has been actively involved with HIPAA COW for many years, including serving as a co-chair of the Security Networking Group. Panelists: Bob Bennett, NaviLogic Bob Bennett has over 20 years of experience in IT, Information Security and Risk management; the last 13 years primarily leading risk management and assurance programs in medical device industries and consulting to healthcare and related industries. In 2013 his security and audit program won a GRC Value Award, where the audit program component alone directly saved his organization nearly $1 million per year. He is currently a cofounder of NaviLogic, responsible for consulting services delivery and development; with many long-term healthcare service and healthcare-related clients. Mr. Bennett has a bachelor’s degree in electrical engineering from the University of Minnesota. Brian Blanchette, SVA Healthcare Services Brian Blanchette is the Risk Management and Governance Regulatory Compliance (GRC) Senior Consultant for SVA Consulting, LLC, an affiliate of SVA Certified Public Accountants, S.C. With over 20 years of experience in IT security, compliance and risk management, Brian has a record of unceasing accomplishment as a senior advisor and consultant and has experience working with the HIPAA Security and Privacy regulations from a hands-on corporate stand point as well as an auditing/consulting basis. He routinely provides thought leadership concerning compliance, risk management and information security to clients in the healthcare and insurance business sectors. Lee Kadel, Wheaton Franciscan Healthcare Lee Kadel has worked in the IT field for over 25 years, including the last 12 years as an Information Security Analyst for Wheaton Franciscan Healthcare. He holds, or has held, multiple industry certifications including MCSE, CCSA, CCA, NTCIP, GSEC, and GHSC. He also has two Masters Degrees – a Master of Science in Management of Technology, and a Master of Science in Executive Business Administration. Lee is an active member of several industry organizations including the FBI InfraGard program, the Curriculum Advisory Board for Milwaukee Area Technical College, and the Collegiate Cyber-Defense Competition. Lee serves on the HIPAA COW Board of Directors, the HIPAA COW Security networking group, and is a co-founder and co-chair of the HIPAA COW Risk Management networking group. Sarah Kleaveland-Kupczak, Wheaton Franciscan Sarah Kleaveland-Kupczak is the Vice President of Corporate Compliance for the Wheaton Franciscan Healthcare system. In that role, she is responsible for the patient privacy and security program for multiple hospitals, physician practices, home health, hospice, skilled nursing facilities and durable medical equipment companies across three states. Sarah has been in healthcare compliance in various capacities for nearly 20 years-often focusing on the use of data analytics in compliance and privacy investigations. She has worked for several health care systems and a CMS fiscal intermediary. In a prior life, she practiced law. Session 203(EDI):Operating Rules Pain Points & YOU Review the differences between the phase 4 Operating Rules and the first 3 phases from Rachel Foerster, then join in a discussion on the pain points with phases 1, 2, and 3 being felt on the provider and payer sides. Audience members will learn from others in attendance what they have done to get past those pain points. Feedback will be solicited in the session, and via surveys to HIPAA COW networking group members and conference attendees prior to the conference. Rachel Foerster, Rachel Foerster & Associates, Ltd See bio from Session 102. Session 301(Privacy): Release of Information – Managing Disclosure of PHI This session will review how to approach and analyze release of information requests and scenarios in accordance with HIPAA and state law. Presenters will discuss disclosure scenarios and various common disclosure situations including subpoenas and court orders. Presenters will review patient requests for release of information under HIPAA and State Law including a discussion of electronic format requests, requests to transmit PHI, and applying copy fees in an electronic environment. Amy Derlink, Iod Incorporated Amy Derlink graduated from the University of Pittsburgh with a degree in Health Information Management. She started as a coder before joining IOD in 1995 as an Operations Manager then was promoted to Privacy Officer in 2004. Amy became a Certified HIPAA Administrator in November, 2012. Amy remains on the forefront of state and federal laws governing HIPAA Privacy and Security of Health information and communicates regulatory changes to the company. Amy hosts regular webinars on topics such as Meaningful Use, HITECH and other regulatory updates and contributes to a HIPAA blog. Additionally, Amy travels to national, state and regional association conventions and meetings to speak on HIM-related issues. Most recently she presented on the Impact of OCR Audits at the 2013 AHIMA National Conference in Atlanta, GA and has won the 2014 Forst and Sullivan CIO Impact Award for meeting Data and Network Resilience with Innovative technology in the privacy of Health Information. Peg Schmidt, Aurora Healthcare Peg Schmidt is the Chief Privacy Officer for Aurora Health Care. In that role Peg is responsible for the Privacy Compliance program across the entire integrated health system that includes 30,000+ employees and 15 hospital campuses, 172 clinic sites, and 70+ community pharmacies in more than 90 communities throughout eastern Wisconsin and northern Illinois. Peg’s professional background is in Health Information Management as an RHIA and holds additional credentials as Certified in Healthcare Privacy and Security. Peg is currently a member of the AHIMA Privacy and Security Council. She is active as a conference speaker on various topics including HIPAA Privacy and Release of Information. Mark your calendar and plan to attend our upcoming Conferences!! Fall: October 23, 2015: Wilderness Resort, WI Dells Mega Healthcare Conference: January 20-22, 2016: Kalahari Resort, WI Dells Session 302(Security): Information Security Roundtable One of the extraordinary benefits of attending the HIPAA COW Conference is the caliber of healthcare security talent within our own membership. Do you have a problem that you would like other opinions on? Have you implemented something recently that is so awesome that you would like to share the success with others? We will discuss any security concerns you may have, from mobile, cloud, social media, big data, APTs, recent attacks, new products on the market, trends in cybersecurity, or whatever your current issue is! Todd Fitzgerald, Grant Thornton International Todd Fitzgerald is the Global Director of Information Security for Grant Thornton International, Ltd. providing strategic information security leadership for Grant Thornton member firms supporting 38,500 employees in 126 countries. Todd has been leading information security programs for 17 years and is ranked as a 2013 Top 50 Information Security Executive, named as a 2013 Distinguished Fellow by the Ponemon Institute, authored the 2012 book, Information Security Governance Simplified: From the Boardroom to the Keyboard, and coauthored the ISC2 Book CISO Leadership: Essential Principles for Success. Todd most recently co-authored the 2014 Certi- fied Chief Information Security Officer (CCISO) Body of Knowledge, serves as the CCISO online instructor, and is a past finalist of the ISE Security Executive of the Year award. He earned a MBA from Oklahoma State University and a B.S. degree from the University of Wisconsin-La Crosse, where he is a current advisor to the college of business administration. Session 303(EDI): How Can We Get This To Work?!?! Join others in discussing issues and challenges they are experiencing with their EDI transactions and processes. Moderator Greg Margrett will facilitate a discussion to help all those in attendance discover best practices and resolution to various EDI transaction issues. Feedback on issues will be solicited in the session, and via surveys to HIPAA COW networking group members and conference attendees prior to the conference. Greg Margrett, Passport/Experian Greg Margrett has held a variety of roles in healthcare IT over the past 15+ years, and is currently Director of Implementation -Claims for Passport/Experian, a revenue cycle management company headquartered in Chicago and Franklin, TN. Prior to joining Passport, Greg served on the product management team at Optum/Ingenix where he worked on HIE (health information exchange) products, Direct secure messaging platforms, a workers’ compensation clearinghouse, and the Netwerkes group medical clearinghouse. In addition, Greg served as the Director for Payer and Channel Partner Services at Netwerkes prior to its acquisition by Ingenix, as a payer account manager at Payerpath/Misys, and as the HIPAA/Clearinghouse Project Manager for Passport Health and Proservices. Greg currently serves as president of HIPAA COW having served on its Board of Directors since 2007, and has been a presenter at HIPAA COW conferences and webinars as well as at regional and national industry functions (WEDI, AFEHCT, AHIP) related to HIPAA and revenue cycle management.
© Copyright 2024