Legal, Economic, and Enforcement Issues Regarding Health Data Protection and Breach Remediation

Stuart M. Gerson
Member of the Firm, Epstein Becker Green; former Assistant and Acting United States Attorney General; and Leading Advisor and Litigator Regarding Health Care Cybersecurity Issues.

Alaap B. Shah
Associate, Epstein Becker Green, and Counselor on Compliance and Certification Issues in Health Care Data Privacy and Security.

Adapting the Cybersecurity Framework to the Health Care Sector Using the HIPAA Security Rules as a Benchmark

David Holtzman
Vice President, Privacy and Security Compliance Services, CynergisTek, Inc., former Department of Health and Human Services, Office for Civil Rights, Senior Advisor for Health Information Technology and the HIPAA Security Rule.
Assurance That a Common Security Infrastructure Cost-Effectively Satisfy Federal and State Law

Bryan Cline
Chief Information Security Officer for HITRUST Alliance and Expert in the Certification Process for Compliance with Federal Law, Including HIPAA, and State Law, Including that of Texas.

Mark S. Armstrong
Epstein Becker Green
Houston, Texas

Cybersecurity is a front-page national issue with revelations of breaches at the National Security Agency and at nationwide retail chains inciting widespread interest, concern, and, not incidentally, costly remediation programs and even more costly litigation. In particular, the security of personal health information ("PHI") and other personally-identifiable information ("PII") is the subject of public concern that has been manifest in expanding federal and state regulatory regimes that have created considerable compliance challenges for HIPAA- and state-law-covered entities and their business associates. Responses to data breaches and unauthorized disclosures, and related enforcement and private litigation, add both complexity and great expense to the equation.

Health care reform brought many new and amended rules governing health care data security and providing for crippling penalties for noncompliance, even to the point of exposure to civil and criminal liability under Federal and State anti-fraud laws and of exclusion from participation in governmentally-funded health care programs. Thus, it is imperative for health care providers and their business associates to understand the need for effective compliance, including privacy and security audits, legal and regulatory obligations, breach response and remediation, and litigation defense.

This seminar will address these and related issues, including:

  • The breadth and scope of the health care cybersecurity threat
  • Enhanced tools for audit and compliance
  • Security of mobile devices, data systems, and medical devices
  • Insider threats: the chief vulnerability
  • President Obama's executive order on cybersecurity and its impact on the health care sector
  • Federal and state enforcement and the conduct of governmental privacy and security audits
  • Avoidance and defense of administrative actions and private class-action litigation

You should attend this program if you are an administrator, chief executive officer, chief financial officer, compliance officer, privacy professional, security professional, information technology professional, or in-house attorney of any covered entity, including an academic medical center, ambulance provider, clinical laboratory, DMEPOS supplier, health plan, home health agency, hospice, hospital, long-term care facility, MA Plan, Part D Plan, pharmacy, physician group, skilled nursing facility, or other health care provider.

Registration Fee: $30.00 (Includes valet parking).

Health care organizations that register multiple attendees have a maximum registration fee of $90.00.

Please RSVP no later than February 18, 2014.

For additional information, please email Amanda Wilson Naumann at or call 713/300-3200.

Continuing Education Credits

CPIHIMS/CAHIMS: This program has been submitted for review and approval of 3.0 hours of continuing education (CE) hours for use in fulfilling the continuing education requirements of the Certified Professional in Healthcare Information and Management Systems (CPHIMS) and the Certified Associate in Healthcare Information and Management Systems (CAHIMS).

CCB: This program is pending approval for 3.0 Compliance Certification Board (CCB) Continuing Education Units. Granting of prior approval in no way constitutes endorsement of the program content or the program sponsor.

CLE: Epstein Becker Green has been approved by the State Bar of Texas for 3.0 CLE credits. Please note that to receive full credit for attending, registrants must be present for the entire session. Epstein Becker Green provides assistance to those with financial hardship who wish to attend; please submit requests for assistance with an explanation to Amanda Naumann. The briefings are accessible to persons with disabilities; please notify Amanda Naumann if accommodations are needed.

Event Detail

Magnolia Hotel
Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.