Brochure - hipaa cow

HIPAA Collaborative of Wisconsin
2015 Spring Conference
April Showers Bring HIPAA-COWers!
April 10, 2015
PROGRAM SUMMARY:
7:45-8:45
Registration & Continental
Breakfast
8:45-9:00
Welcome & IntroductionsPresident Greg Margrett
9:00-10:15 Keynote– Byron Franz, FBI
Milwaukee
10:15-10:45 Break-A chance to visit with
our Exhibitors
10:45–12:00 Breakout Sessions Group 1Privacy/Security or EDI
12:00–1:00
Lunch-Networking with
fellow attendees
1:00-2:15
Breakout Sessions Group 2 Privacy, Security or EDI
2:15-2:30
Break-A chance to visit with
our Exhibitors
2:30-3:30
Breakout Sessions Group 3 Privacy, Security or EDI
Our Spring Conference
will Feature:
 Convenient online registration




with the ability to pay via check
or Pay Pal.
Continued low registration rates
of $125 for Early Bird (deadline
March 20) and $150 thereafter.
Very affordable hotel room rate
of $89.
Convenient location between
Madison and Milwaukee on I94.
Breakout sessions that will cover
Privacy, Security & EDI topics.
Continuing Legal
Education (CLE) Credits:
This entire program has
been approved for 4.0
General Wisconsin CLE
Credits!!
View approval HERE.
HOTEL ROOM
RESERVATIONS:
EVENT LOCATION:
For reservations made by
Friday, March 20th,
the room rate for
Thursday evening is $89*
1350 Royale Mile Rd.
Oconomowoc, WI 53066
Directions:
Take I94 to
Exit #282 (Hwy 67).
Go north on Hwy 67 for 1.5
miles. Olympia Resort will be
on the left.
(After that date, availability
& rate can’t be guaranteed).
Make Reservations by:
Phone:
Call Olympia directly at
1(262)369-4999.
Then request a room in the
HIPAA COW Block.
Olympia Resort
or
Online: HERE
Then enter Promo code
HIPAA
*Rates are subject to state and
local taxes. *$89 rate also
available Wednesday and Friday.
Registrations for all HIPAA COW events
are taken ONLINE ONLY!
Please go to our website
hipaacow.org.
Then, go to the Events Page
for complete details and to register online.
HIPAA 101 Education Materials:
Our website has materials specifically designed to provide an introduction to HIPAA basics. These materials
may be especially beneficial to individuals new to
HIPAA. If you have a limited understanding of HIPAA,
we recommend you view these prior to attending our
conference, as our sessions tend to be more advanced. These materials are available on our website
resources page: http://hipaacow.org/resources.
Questions? [email protected] or (651)340-6426
Organizations that
helped promote this
Conference:
HFMA WEDI
WHA WHIMA
We thank them for their support!
We’ve
Gone
Green:
In an effort to reflect the
environmental changes going on
around us, session handouts
will no longer be printed but
they will be made available
prior to the conference so attendees can download the
handouts to their mobile devices or print their own handouts
should they choose to do so.
An email with a link to the
handouts will be sent to all
registered attendees a few
days prior to the event.
Keynote Session - Insider and Cyber Threats to
Healthcare
Session 102(EDI): The HIPAA-mandated CAQH
CORE Operating Rules – What’s on the Horizon?
This session will describe the massive ongoing threat to U.S.
businesses and academic institutions from malicious computer
intrusions, cyber attacks, and the theft of “trade secrets,”
those nuggets of intellectual property that drive innovation and
business activity. Recent federal prosecutions in the State of
Wisconsin will be used as examples, with two of these directly
affecting the healthcare industry. The growing threat posed
by illegal access to Internet-connected medical devices will be
discussed. Mitigations to these threats will be suggested along
with the role of the FBI in helping organizations defend
against them.
This session will provide a high level overview of the third set of
the ACA required operating rules currently in development by
CAQH CORE as Phase IV CAQH CORE Operating Rules. These
Operating Rules will address the remaining HIPAA-mandated ASC
X12N specifications for claims (837), health care services review
aka prior authorization (278), benefit enrollment and maintenance
(834) and health plan premium payment (820). A special focus
will be on the draft Phase IV Connectivity and Claim Infrastructure rules which will be completing the CAQH CORE rule development and approval process in Q1 2015. Given that these draft
Phase IV CAQH CORE Operating Rules build upon and extend requirements from the Phase I, II and III CAQH CORE Operating
Rules for eligibility, claim status, EFT and ERA, which have already been mandated by ACA, the session will provide a brief
review of the industry’s implementation challenges and learnings.
Byron Franz, Special Agent, FBI Milwaukee
Byron Franz is a Special Agent with the Federal Bureau of Investigation (FBI) and has worked national security investigations for over 17 years. Earlier in his career, he served as an
FBI SWAT Team operator and led the investigation of an Indiana man who was convicted of working as an agent of Saddam
Hussein’s intelligence service. Special Agent Franz currently
serves as the Coordinator for the FBI’s Strategic Partnerships
and InfraGard programs in the State of Wisconsin, where it is
his responsibility to foster public-private partnerships between
government agencies, universities, and corporations, including
Wisconsin’s healthcare providers, to better safeguard those
organizations against computer intrusions and economic espionage. Special Agent Franz was educated in Wisconsin, having
received his B.A. (Russian and International Relations) and law
degree from the University of Wisconsin-Madison, and being a
graduate of St. Francis High School.
Session 101(Privacy/Security): Privacy Training:
Tips, Tricks and Case Studies
In this session:
1. Attendees will learn how to:
 Explain the laws non-legalistically
 Give actionable and pragmatic privacy examples and
instructions
 Empower, motivate and scare (just a little) a diverse
health care audience
2. A variety of Case Studies will be provided
Rachel Foerster, Rachel Foerster & Associates, Ltd
Rachel Foerster is the CEO of Rachel Foerster & Associates, Ltd.
in Beach Park, Illinois, an independent consulting practice founded
by her in 1993, dedicated to assisting the health care industry
with the transition to Electronic Commerce. She is also a Senior
Consultant with Boundary Information Group headquartered in
Denver. Rachel is a key consultant for CAQH CORE ®, providing
subject matter expertise and staff support since its launch in
2004. In this role she has represented CAQH CORE in several
important health care health information technology efforts .
Rachel is well known within the health care EDI arena due to her
leadership positions in several industry organizations, including
over 20 years designing, developing and implementing a variety of
proprietary and standards-based EDI systems to support hospitals, distributors, manufacturers and other organizations for online, batch and interactive electronic information exchange. Specific areas of focus included HIPAA, materials management and
financial EDI implementations.
Thank you to our 2015 HIPAA COW Sponsors:
GOLD:
Daniel Weissburg, University of WI Hospital and
Clinics
Dan Weissburg has been the Compliance and Privacy Officer at
University of Wisconsin Hospital and Clinics (UWHC) in Madison
since 2007. Included among his responsibilities at UWHC are
directing the Privacy/Security Breach Investigation Team and
leading “snoop”, “blab” and “mix-up” investigations. Dan lectures
before and educates thousands of employees on privacy issues
each year. He has practiced healthcare law for 24 years, previously with firms in Washington DC and Chicago. He is widely
published and was previously the Editor-in-Chief of the CCH
Healthcare Compliance Portfolio. Dan's law degree is from
George Mason University School of Law, and he earned a BA in
Political Science and History from UW-Madison, where he was
president of the Order of Omega.
He lives in Middleton with his wife, has two sons in college, and
spends his free time spoiling his Labradoodle, Wrigley.
SILVER:
BRONZE:
Cancellation Policy: HIPAA COW reserves the right to substitute faculty or cancel
or reschedule programs due to low enrollment or other unforeseen events. If, for any
reason, HIPAA COW must cancel this program, registrants will receive a full refund
of the registration fee (or a credit to be used for a future HIPAA COW
event). Should you be unable to attend, a refund, less a $25 processing fee, will be
given for cancellations received 72 hours prior to the event. There will be no refund
given if notice is given less than 72 hours prior (even if weather related). Substitutions can be made anytime before the start of the event.
Session 201(Privacy): HIPAA Harmonization - One
Year Later
It’s been a year since Wisconsin harmonized the State’s mental
health privacy laws with HIPAA. Since then, healthcare providers
have been working to change internal policies related to the privacy of mental health records. This session will focus on:
 The benefits: greater continuity of care between mental
health providers and primary care providers
 The barriers: changing providers understanding of confidentiality requirements, addressing patient expectations, and EMR
challenges.
Sarah Coyne will provide a legal overview. Nancy Schallert, Executive Director of Compliance at Froedtert Health, and Kirk Yauchler, Manager of Behavioral Health at ProHealth Care, will discuss the logistical aspects of implementing the new law.
Sarah Coyne, Quarles & Brady, LLP
Sarah Coyne is national chair of the health law group at Quarles
& Brady LLP, and has an active practice advising hospitals on all
regulatory issues with a focus on health information issues. Sarah was named Health Law Attorney of the Year for 2011 by the
Wisconsin Bar Association. She holds a Martindale-Hubbell AV
Peer Review rating, has been listed in The Best Lawyers in
America every year since 2009, was selected as a 2013 Leader
in the Law by the Wisconsin Law Journal and this year was
named as a SuperLawyer in health law. She teaches a Health
Law class at the University of Wisconsin Law School.
Nancy Schallert, Froedtert Health
Nancy Schallert is currently the Executive Director of Corporate
Compliance and Internal Audit for Froedtert Health. She has
more than 20 years of experience in healthcare serving in a variety of roles in different healthcare settings, including health information management, revenue cycle consulting, information
technology consulting, JCAHO preparation, privacy, regulatory
compliance, research compliance, and internal audit.
Kirk Yauchler, ProHealth Care
Kirk Yauchler has worked in hospital and clinic-based behavioral
health services since 2000, and has managed behavioral health
operations for the past 3 years. He has been with ProHealth
Care since 2006, and currently oversees the Outpatient and Assessment & Referral behavioral health departments. Over the
past year he has participated in the WI Epic User Group’s webinar discussions on the topic of HIPAA Harmonization, as well as
PHC’s internal workgroup on implementing HIPAA Harmonization.
Session 202(Security): Audit Logging Panel
Who wants to do a privacy/security audit? The answer of course
is that no one ever wants to but sometimes we have to. We will
present some case studies and suggest what is needed, what is
useful, and what is not. IT Staff needs to work with privacy and
compliance staff to provide the detail needed to protect our patients. Audits can also involve legal staff in case a violation has
taken place. As a panel, we will share ideas on how this cooperation can happen. (Cont’d next column)
Vendors featuring HIPAA-related
products and services will be on site.
Moderator: Jim Sehloff, CareTech Solutions
Jim Sehloff currently serves as the Security Officer for CareTech Solutions at Holy Family Memorial Health in Manitowoc,
Wisconsin, and has been involved with HIPAA security since the
advent of the security rules. In his role, Jim oversees both privacy and compliance audits for Holy Family, including “reactive”
audits performed following patient requests as well as
“proactive” audits to ensure HIPAA compliance. He has been actively involved with HIPAA COW for many years, including serving as a co-chair of the Security Networking Group.
Panelists: Bob Bennett, NaviLogic
Bob Bennett has over 20 years of experience in IT, Information
Security and Risk management; the last 13 years primarily leading risk management and assurance programs in medical device
industries and consulting to healthcare and related industries. In 2013 his security and audit program won a GRC Value
Award, where the audit program component alone directly saved
his organization nearly $1 million per year. He is currently a cofounder of NaviLogic, responsible for consulting services delivery
and development; with many long-term healthcare service and
healthcare-related clients. Mr. Bennett has a bachelor’s degree
in electrical engineering from the University of Minnesota.
Brian Blanchette, SVA Healthcare Services
Brian Blanchette is the Risk Management and Governance Regulatory Compliance (GRC) Senior Consultant for SVA Consulting,
LLC, an affiliate of SVA Certified Public Accountants, S.C. With
over 20 years of experience in IT security, compliance and risk
management, Brian has a record of unceasing accomplishment as a
senior advisor and consultant and has experience working with
the HIPAA Security and Privacy regulations from a hands-on
corporate stand point as well as an auditing/consulting basis. He
routinely provides thought leadership concerning compliance, risk
management and information security to clients in the healthcare
and insurance business sectors.
Lee Kadel, Wheaton Franciscan Healthcare
Lee Kadel has worked in the IT field for over 25 years, including
the last 12 years as an Information Security Analyst for
Wheaton Franciscan Healthcare. He holds, or has held, multiple
industry certifications including MCSE, CCSA, CCA, NTCIP,
GSEC, and GHSC. He also has two Masters Degrees – a Master of
Science in Management of Technology, and a Master of Science
in Executive Business Administration. Lee is an active member of
several industry organizations including the FBI InfraGard program, the Curriculum Advisory Board for Milwaukee Area Technical College, and the Collegiate Cyber-Defense Competition. Lee
serves on the HIPAA COW Board of Directors, the HIPAA COW
Security networking group, and is a co-founder and co-chair of
the HIPAA COW Risk Management networking group.
Sarah Kleaveland-Kupczak, Wheaton Franciscan
Sarah Kleaveland-Kupczak is the Vice President of Corporate
Compliance for the Wheaton Franciscan Healthcare system. In
that role, she is responsible for the patient privacy and security
program for multiple hospitals, physician practices, home health,
hospice, skilled nursing facilities and durable medical equipment
companies across three states. Sarah has been in healthcare
compliance in various capacities for nearly 20 years-often focusing on the use of data analytics in compliance and privacy investigations. She has worked for several health care systems and a
CMS fiscal intermediary. In a prior life, she practiced law.
Session 203(EDI):Operating Rules Pain Points & YOU
Review the differences between the phase 4 Operating Rules and
the first 3 phases from Rachel Foerster, then join in a discussion on
the pain points with phases 1, 2, and 3 being felt on the provider and
payer sides. Audience members will learn from others in attendance
what they have done to get past those pain points. Feedback will be
solicited in the session, and via surveys to HIPAA COW networking
group members and conference attendees prior to the conference.
Rachel Foerster, Rachel Foerster & Associates, Ltd
See bio from Session 102.
Session 301(Privacy): Release of Information –
Managing Disclosure of PHI
This session will review how to approach and analyze release of information requests and scenarios in accordance with HIPAA and
state law. Presenters will discuss disclosure scenarios and various
common disclosure situations including subpoenas and court orders.
Presenters will review patient requests for release of information
under HIPAA and State Law including a discussion of electronic format requests, requests to transmit PHI, and applying copy fees in an
electronic environment.
Amy Derlink, Iod Incorporated
Amy Derlink graduated from the University of Pittsburgh with a
degree in Health Information Management. She started as a coder
before joining IOD in 1995 as an Operations Manager then was promoted to Privacy Officer in 2004. Amy became a Certified HIPAA
Administrator in November, 2012.
Amy remains on the forefront of state and federal laws governing
HIPAA Privacy and Security of Health information and communicates regulatory changes to the company. Amy hosts regular webinars on topics such as Meaningful Use, HITECH and other regulatory updates and contributes to a HIPAA blog. Additionally, Amy travels to national, state and regional association conventions and meetings to speak on HIM-related issues. Most recently she presented
on the Impact of OCR Audits at the 2013 AHIMA National Conference in Atlanta, GA and has won the 2014 Forst and Sullivan CIO
Impact Award for meeting Data and Network Resilience with Innovative technology in the privacy of Health Information.
Peg Schmidt, Aurora Healthcare
Peg Schmidt is the Chief Privacy Officer for Aurora Health Care.
In that role Peg is responsible for the Privacy Compliance program
across the entire integrated health system that includes 30,000+
employees and 15 hospital campuses, 172 clinic sites, and 70+ community pharmacies in more than 90 communities throughout eastern
Wisconsin and northern Illinois. Peg’s professional background is in
Health Information Management as an RHIA and holds additional
credentials as Certified in Healthcare Privacy and Security. Peg is
currently a member of the AHIMA Privacy and Security Council.
She is active as a conference speaker on various topics including
HIPAA Privacy and Release of Information.
Mark your calendar and plan to attend
our upcoming Conferences!!
Fall: October 23, 2015: Wilderness Resort, WI Dells
Mega Healthcare Conference: January 20-22, 2016:
Kalahari Resort, WI Dells
Session 302(Security): Information Security
Roundtable
One of the extraordinary benefits of attending the HIPAA
COW Conference is the caliber of healthcare security talent
within our own membership. Do you have a problem that you
would like other opinions on? Have you implemented something
recently that is so awesome that you would like to share the
success with others? We will discuss any security concerns you
may have, from mobile, cloud, social media, big data, APTs, recent attacks, new products on the market, trends in cybersecurity, or whatever your current issue is!
Todd Fitzgerald, Grant Thornton International
Todd Fitzgerald is the Global Director of Information Security
for Grant Thornton International, Ltd. providing strategic information security leadership for Grant Thornton member
firms supporting 38,500 employees in 126 countries. Todd has
been leading information security programs for 17 years and is
ranked as a 2013 Top 50 Information Security Executive,
named as a 2013 Distinguished Fellow by the Ponemon Institute, authored the 2012 book, Information Security Governance Simplified: From the Boardroom to the Keyboard, and coauthored the ISC2 Book CISO Leadership: Essential Principles
for Success. Todd most recently co-authored the 2014 Certi-
fied Chief Information Security Officer (CCISO) Body of
Knowledge, serves as the CCISO online instructor, and is a past
finalist of the ISE Security Executive of the Year award. He
earned a MBA from Oklahoma State University and a B.S. degree from the University of Wisconsin-La Crosse, where he is a
current advisor to the college of business administration.
Session 303(EDI): How Can We Get This To
Work?!?!
Join others in discussing issues and challenges they are experiencing with their EDI transactions and processes. Moderator
Greg Margrett will facilitate a discussion to help all those in
attendance discover best practices and resolution to various
EDI transaction issues. Feedback on issues will be solicited in
the session, and via surveys to HIPAA COW networking group
members and conference attendees prior to the conference.
Greg Margrett, Passport/Experian
Greg Margrett has held a variety of roles in healthcare IT over
the past 15+ years, and is currently Director of Implementation
-Claims for Passport/Experian, a revenue cycle management
company headquartered in Chicago and Franklin, TN.
Prior to joining Passport, Greg served on the product management team at Optum/Ingenix where he worked on HIE (health
information exchange) products, Direct secure messaging platforms, a workers’ compensation clearinghouse, and the
Netwerkes group medical clearinghouse.
In addition, Greg served as the Director for Payer and Channel
Partner Services at Netwerkes prior to its acquisition by Ingenix, as a payer account manager at Payerpath/Misys, and as the
HIPAA/Clearinghouse Project Manager for Passport Health
and Proservices.
Greg currently serves as president of HIPAA COW having
served on its Board of Directors since 2007, and has been a
presenter at HIPAA COW conferences and webinars as well as
at regional and national industry functions (WEDI, AFEHCT,
AHIP) related to HIPAA and revenue cycle management.