may 18 – 21, 2015 gaylord texan resort, dallas/fort worth · – blake sutherland, vice...

www.hitrustalliance.net

May 18 – 21, 2015Gaylord Texan Resort, Dallas/Fort Worth

http://www.hitrustalliance.net


HITRUST 2015 is the only event dedicated to exploring all aspects of healthcare information protection and utilization of the HITRUST CSF and CSF Assurance Program.

How to RegisterClick here to register. A booking link for the Gaylord Texan will be sent in your registration confirmation email. For more information on the conference, you can also visit: https://hitrustalliance.net/hitrust2015/

Pricing and PaymentConference Only - Staying at the Gaylord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .$1,300.00

Conference Only - Staying Elsewhere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .$1,500.00

Conference + Cloud Security Summit - Staying at the Gaylord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .$1,300.00

Conference + Cloud Security Summit - Staying Elsewhere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .$1,500.00

Cloud Security Summit Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $650.00

If booked by April 14, 2015, and by mentioning HITRUST, conference attendees can receive a room rate at the Gaylord Texan of $179/night.

Participants can pay via credit card or check and registration is tentative until payment is received.

Gaylord Texas Resort & Convention Center1501 Gaylord Trail, Grapevine, Texas 76051

(817) 778-1000

CPE Credit InformationAttendees can receive proof

of attendance upon request

for 16 hours of CPE credit.


http://events.constantcontact.com/register/event?llr=yv9kyekab&oeidk=a07eak2p6ra0c4a9335

https://hitrustalliance.net/hitrust2015/


PreconferenceIn association with HITRUST 2015, we are offering a one-day preconference event to focus on the rapidly evolving Cloud environment. It will be conducted in an educational format with tracks organized around the key areas organizations are most interested in, including presentations and panels on private and public Clouds, as well as relevant discussions on Cloud compliance and assessment. The event will be underwritten by leading organizations in the healthcare cloud market, including managed service providers and leading Cloud technology suppliers.

Organizations Include:

Who Should Attend?Annual Conference: Anyone responsible for the protection of health information including CIOs, CISO, CPOs, CTOs.

Health Cloud Security Summit: CIOs, CTO, CISO’s and others with strategic or operations responsibility for the protection of health information combined with an interest in understanding the ramifications of embracing rapidly developing Cloud technologies.

Reasons to AttendAttend the Health Cloud Security Summit to…

• Hear how to safeguard health information in the cloud.

• Better understand emerging Cloud solutions for data security

• Learn about compliance issues introduced and resolved by Cloud

• Compare various Cloud delivery models

• Examine alternatives for Cloud service delivery

• Gain insight into contracting and migrating to the Cloud

Attend HITRUST 2015 to…

• Learn from leading CISOs on their changing roles and responsibilities.

• Learn how to leverage the CSF to support an OCR audit.

• Learn why and how to get started implementing the CSF for security and privacy.

• Gain insight to why privacy was incorporated in the CSF

• Learn how the CSF will change in the future and provide input.

• Learn how to leverage the new HITRUST DE-ID Framework

• Hear lessons learned from CSF Certified organizations.

• See how privacy and security can have a successful partnership.

• Gain visibility into the healthcare industry cyber threat landscape and threat intel sharing

• Learn about how to build a cybersecurity operations center.

• Learn how to assess medical device cyber risks.

• Learn about cybersecurity preparedness and how to participate in CyberRX 2.0 exercise.

• Better engage end users in information protection.

• Learn better ways to prevent data loss.

• Gain new insights regarding mobile device security.

• Better manage third party compliance.

• Use the CSF to support SSAE 16, HIPAA, NIST and EU Safe Harbor.



Pre-Conference and Conference AgendaMay 18-21, 2015 – Gaylord Texan Resort, Grapevine, Texas

Monday, May 18: Pre-Conference

7:45 – 9:00 a.m. Breakfast

9:00 – 9:15 a.m. Welcome – Dan Nutkis, CEO, HITRUST Alliance

9:15 – 10:30 a.m. Opening Keynote: Achieving Security and Privacy with Multi-Cloud Technology; The Future of Cloud Based Application Delivery

– Vincent Campitelli, Vice President, IT Risk Management, McKesson Corporation – Jeff Schilling, Chief Security Officer, FireHost – Blake Sutherland, Vice President, Enterprise Business, Trend Micro – Sol Cates, Chief Security Officer, Vormetric – Laura Lemire, Privacy Attorney, Microsoft – Jerry Breaud, Infrastructure Alliance Manager, VMware

10:30 – 11:00 a.m. Break – Refreshments and Snacks

11:00 – 12:00 p.m. Breakout Sessions: Why Leverage the Cloud?

Trend Micro: Cloud Security Roundtable—How to Keep Healthcare Information Safe Throughout the Journey to the Cloud

– William Crank, MEDHOST – Blake Sutherland. VP Enterprise Business, Trend Micro

McKesson: McKesson’s Approach for Assessing Cloud Services and Service Providers – Vincent Campitelli, Vice President, IT Risk Management, McKesson Corporation

VMware: Compliance and the Software Defined Data Center – Jerry Breaud, Infrastructure Alliance Manager, VMware

12:00 – 1:15 p.m. Lunch

1:15 – 2:15 p.m. Breakout Sessions: Effective Cloud Use

FireHost: How to Leverage IOC for Threat Intelligence in Cyber Threat Exchange – Jeff Schilling, Chief Security Officer, FireHost – Dr. Chase Cunningham, PhD, Threat Intelligent Lead, FireHost

VMware: Architecting a Hybrid Cloud with a Focus on Security & Compliance – Jerry Breaud, Infrastructure Alliance Manager, VMware

Vormetric: Safeguarding Data in the Cloud – Sol Cates, Chief Security Officer, Vormetric




2:30 – 3:30 p.m. Breakout Sessions: Cloud Security, Compliance and Assessment

FireHost: The Impact of Cloud on Assessing Compliance; How Different Cloud Models Present Different Challenges to Compliance

– Kurt Hagerman, CISO, FireHost

Trend Micro: Patient Portals: Benefits, Incentives, and Ensuring Cloud Security and Compliance

– Brian Selfridge, Partner, Meditology Services, Trend Micro – Blake Sutherland, VP Enterprise Business, Trend Micro

Vormetric: Simplifying Compliance with HIPAA and HITECH Security and Privacy Rules – Sol Cates, Chief Security Officer, Vormetric

3:30 – 4:00 p.m. Break – Refreshments and Snacks

4:00 – 5:00 p.m. Main Tent Closing Panel: The Future of Healthcare Organizations in a Secure and Compliant Cloud

– Christopher Pitts, Staff Vice President, Anthem – Laura Lemire, Private Attorney, Microsoft – Mark Ford, Principal, Healthcare Cyber Risk Services Executive Consultant, Deloitte – Prenston Gale, Director, Strategic Accounts, Veris Group – Sol Cates, Chief Security Officer, Vormetric

5:15 – 7:00 p.m. Cocktail Reception

Monday, May 18: Pre-Conference (cont’d)





8:30 – 9:00 a.m. Session Welcome and HITRUST Roadmap – Daniel Nutkis, CEO, HITRUST

9:00 – 10:15 a.m. Anatomy of a Targeted APT: Lessons Learned from the Trenches – Roy Mellinger, Vice President & Chief Information Security Officer, Anthem

10:15 – 10:45 a.m. Cyber Security in the Healthcare Industry and Information Sharing – Richard Harris, Policy, Plans and Strategy, Office of Cybersecurity and Communications, U.S. Department of Homeland Security

10:45 – 12:00 p.m. Cyber Security Operations Center: Building or Outsourcing – Jeff Schilling, CSO, FireHost – Wesley Snell, Director, Computer Security Incident Response Center, Department of Health & Human Services

– Stephen Moore, Director, Information Security, Anthem

12:00 – 1:00 p.m. Lunch

1:00 – 1:30 p.m. Keynote Speaker – Congressman John Ratcliffe, U.S. House of Representatives

1:30 – 2:30 p.m. Breakout Sessions (two tracks—select one)

Tuesday, May 19: HITRUST 2015

Privilege Access Management in a Healthcare Setting? – Sudhakar Gummadi, VP, IT and CISO, Molina Healthcare

2015 Health Industry Threat Landscape – Adam Meyers, CrowdStrike





HITRUST De-ID framework: Achieving World Peace – Kim Gray, Chief Privacy Officer, Global, IMS Health – Khaled El Emam, CEO, Privacy Analytics

Third Party Compliance and Risk Management—How CSF Assurance Can Help – Damon Stokes, Senior Manager, Blue Cross Blue Shield of Michigan – Bryan Sheehan, Director, Information Risk Management, UnitedHealthGroup – Mike Wood, Information Security Officer, Integris Health – Raj Mehta, Partner, Deloitte & Touche

Tuesday, May 19: HITRUST 2015 (cont’d)

4:00 – 5:30 p.m. Emerging Security Technologies and Practices – Vikram Phatak, Chief Executive Officer, NSS Labs – Wael Mohamed, Chief Operating Officer, Trend Micro – Rick Howard, Chief Security Office, Trend Micro – Ryan Witt, Vice President of Healthcare, Fortinet – Jason Brvenik, Principal Engineer, Security Business Group, Cisco

6:00 – 9:00 p.m. Reception – Mission Plaza – Sponsored by Coalfire




Wednesday, May 20: HITRUST 2015


8:30 – 10:00 a.m. The Evolving Information Security Organization in a Cyber World: Strategies, Challenges and Successes

– Erick Rudiak, Vice President & Chief Information Security Officer, Express Scripts – Jonathan Moore, Chief Information Security Officer, Humana – Kevin Charest, PhD, VP, Global Cyber Defense Operations, United Heath Group – Michael Pinch, Chief Information Security Officer, University of Rochester Medical Center

10:00 – 10:15 a.m. Break – Refreshments

10:15 – 11:30 a.m. The Data Breach Nightmare: What’s the Plan? Having a Plan, Roles and Responsibilities – Roy Mellinger, Vice President, IT Security and Chief Information Security Officer, Anthem – Leo Dittemore, Director, Info Security & Privacy, Healthcare Partners

11:30 – 12:30 p.m. Lunch


Security Awareness: Approaches to Educating and Influencing the Weakest Link in Information Protection – Jennifer Inserro, Director, Health Care Services Corporation

Role of Government in Cyber Awareness, Preparedness and Response in a Public/Private Partnership – Don Good, Deputy Assistant Director, Cyber Division, Federal Bureau of Investigation





Wednesday, May 20: HITRUST 2015 (cont’d)

Community-Driven Cyber Threat Intelligence Platform for the Healthcare Industry: HITRUST Cyber Threat XChange (CTX) – Dennis Palmer, Senior Assurance Associate, HITRUST – Colby DeRodeff, Chief Strategy Officer, ThreatStream – Tom Baltis, Chief Information Security Officer, Blue Cross Blue Shield of Michigan – Ronald Weiss, Senior Incident Responder, Information Security Threat Response Team, Health Care Services Corp.

Information Protection Challenges of a Combined Payor and Provider Organization – Omar Khawaja, Vice President and Chief Information Security Officer, Highmark – Chuck Deaton, Deputy Chief Information Security Officer, Humana – Zan Calhoun, Executive Vice President, CIO & Chief IT Strategist, Healthcare Partners

2:30 – 2:45 p.m. Break – Refreshments and Snacks

2:45 – 4:00 p.m. Cybersecurity Preparedness – Mark Ford, Principal, Cyber Risk Services, Deloitte Consulting – Kevin Charest, PhD, VP, Global Cyber Defense Operations, United Heath Group

4:00 – 5:00 p.m. The Evolving World of Privacy and Security: What’s it Mean to You? – Michael Parisi, PricewaterhouseCoopers – Kirk Nahra, Attorney, Wiley Rein, LLP – Caroline Budde, Esp., Chief Privacy Officer, Walgreen Co.




Thursday, May 21: HITRUST 2015


8:30 – 9:00 a.m. Privacy and Security in a Single Controls Framework – A Model for Success – Adrian Christie, Manager, PricewaterhouseCoopers – Michael Parisi, PricewaterhouseCoopers

9:00 – 11:00 a.m. Breakout Sessions (two tracks—select one)

HITRUST CSF: Getting Started through Getting Assessed with the CSF—Lessons Learned and Justification – Brenda Calloway, Director, HCSC – Tom Glaser, Healthcare Consultant, Coalfire

HITRUST CSF: One Framework—Leveraging the HITRUST CSF to Support ISO, HIPAA, NIST Implementation and Compliance and SSAE 16 SOC Reports – Ken Vander Wal, Chief Compliance Officer, HITRUST – Bryan Cline, Senior Advisor, HITRUST – Chris Halterman, Executive Director, Ernst & Young

CSF Roadmap for 2016 and Beyond – Steve Penn, CSF Development and Education Programs, HITRUST – Bryan Cline, Senior Advisor, HITRUST

SecureTexas: Health Information Privacy and Security Certification—A Model Nationally? – Tony Gilman, CEO, Texas Health Services Authority – Pamela Arora, Senior Vice President and Chief Information Officer, Children’s Health – George Gooch, Director of Policy and Planning, Texas Health Services Authority

11:00 – 11:15 a.m. Break – Refreshments and Snacks

11:15 – 12:15 p.m. Role of Cyber Situational Awareness – Vikram Phatak, Chief Executive Officer, NSS Labs

11:00 – 3:00 p.m. CyberRX: HP – Exercise QA and Response Plan Best Practices – (Confirmed Attendees Only)

12:15 p.m. Lunch and Closing Remarks


may 18 – 21, 2015 gaylord texan resort, dallas/fort worth · – blake sutherland, vice...

Documents