Join your peers and industry leaders Friday, December 6th, 2013 - 7:30am to 5:00pm Mayo Clinic - Rochester, MN

Minnesota Health Privacy Summit

3rd Annual

A special keynote presentation on data de-identification, an expert panel discussion on personalized medicine, and advanced breakout sessions will address the most pressing privacy risk and compliance challenges facing healthcare organizations today

Privacy leaders from the Mayo Clinic, Medtronic, UnitedHealth Group, St Jude Medical, HealthPartners, Children’s Hospitals of Minnesota, and more

Ample time and opportunity to network with your industry peers

Round-trip transportation from the Twin Cities to Mayo Clinic and meals included

Presented by the Twin Cities Privacy Network13570 Grove Dr MS371, Maple Grove, 55311

info@twincitiesprivacy.com, www.twincitiesprivacy.com

Gold Sponsors

Session Schedule7:30am - Transportation to Mayo Clinic

Bus departs from Best Buy Corporate Campus

9:00am - Riding Tour of Mayo Clinic

9:30am - The Mayo Privacy Program

Presented by Kim Otte - Chief Compliance Officer and April Carlson - Privacy Officer

9:45am - Keynote Address

Data De-Identification in an Age of Big Data

Khaled El Emam and Daniel Barth-Jones, the world’s top two de-identification experts, will be keynoting on the topic of Data De-Identification in an Age of Big Data. New technologies that analyze massive data sets are calling into question whether and how patient data can be truly de-identified. Hanging in the balance of this question is the efficacy of clinical research that is so critical for finding cures for diseases and improving pharmaceutical and medical-device products. Is HIPAA’s Safe Harbor method still viable? How can the HIPAA “expert determination” method be used to counter Big Data re-identification risks? El Emam, founder of Privacy Analytics and professor at University of Ottawa, and Barth-Jones, founder of dEpid/dt Consulting and professor at Columbia University, will answer these questions, frame the current state of play, and peer into the future for what data de-identification may look like in a few years.

10:45am - Break

11:00am - Keynote Panel Discussion

The Personalized Medicine Revolution

Julie Prigge, Director of Patient eHealth Services for the Mayo Clinic, and business leaders from other healthcare providers will discuss the new horizons in treatment that the use of personal health information is enabling and frame the privacy policy issues they are raising.

12:00pm -Lunch

12:45pm - Breakout Session One

Privacy and Compliance Track

Reporting PHI breaches under the new Omnibus and Obamacare thresholds

TCPN privacy professionals overwhelmingly have reported that the two biggest impacts on their organizations of the Omnibus Rule changes will be their direct applicability to business associates and the new definition of what constitutes a reportable data breach. The new threshold for reporting ‘compromises’ of PHI – even those posing a low risk of harm – portends a greater amount of PHI breach reporting for healthcare entities, resulting in more entries on the HHS ‘wall of shame’. Moreover, those operating with state health-information exchanges face a new requirement under the Affordable Care Act to report suspected breaches within 24 hours. How will healthcare entities cope with these onerous requirements? Gina Kastel – Minneapolis-based partner leading the privacy practice at Faegre Baker Daniels and nationally recognized HIPAA legal expert – will walk through common breach scenarios that were previously not reportable but now are, and identify which controls have now become more important to implement. Kastel will also discuss the legal implications of reporting erroneous breach information within the new 24-hour window and outline a risk-management approach.

Security Track

Breaking bad: advanced techniques for detecting the insider threat

The unprecedented leaks of Bradley Manning, 25, and Edward Snowden, 30, exposed a harsh new reality for organizations: that their most valuable information is vulnerable to complete disclosure by trusted insiders using simple technologies. In hindsight, however, both leakers left a path littered with detectable actions on their way to breaking bad. Is your organization equipped to detect its first Snowden? Patrick Skinner – president of Trend Risks

International and former CIA case officer, and Mike Rossi, a former forensics intelligence officer – will review the detectable behavior patterns of Manning and Snowden within the context of the millennial generation that both belong to. Skinner and Rossi will evaluate the strengths and weaknesses of traditional background-screening and logging controls to detect this threat, and describe new technologies and techniques leveraging skills they learned in the field. As a coup de grace you won’t want to miss, Rossi will perform a live demo evaluating an anonymized breaking-bad candidate.

2:00pm - Breakout Session Two

Privacy and Compliance Track

Privacy training for the millennials: applying learning-style research to your 2014 awareness program

Providing meaningful training can be one of the most cost-effective controls for reducing information risk and demonstrating compliance. But TCPN members who measure the impact of their training have reported a very mixed experience characterized by moderate participation rates, low information retention, and little discernible change in behavior. What does it take to engage the new generation of workers in a high-impact learning experience? Randy Ruckdashel – executive coach and learning facilitator at ORCHa Development – will review Kolb’s model of learning styles and research on the millennial generation and their unique needs and challenges with learning. Ruckdashel will distill those insights into a set of guidelines for privacy managers to assess the learning needs of their employee population and identify the best options to meet those needs. Joining Ruckdashel will be Doug Niska – Vice President of Privacy Operations at UnitedHealth Group – who will outline UHG’s training and awareness program and what techniques have elicited the most positive results.

Security Track

A cyberattacker’s view of ‘low’ versus ‘high’ ratings in privacy risk assessments

More entities than ever before are conducting risk assessments of their sensitive personal information.

Whether it’s responding to an FTC consent order, preparing for an OCR audit, or addressing the expanding mobile threat vector, many are turning to NIST 800-30 and similar approaches that result in low, medium, and high risk ratings. But how reliable are those subjective ratings to quantifying relevant threats? Rodrigo Bijou – former cybersecurity analyst at security technology firms Flashpoint and Palantir, contract risk assessor at MPC, and solution entrepreneur – will challenge assumptions about what qualifies as a ‘low’ versus a ‘high’ risk. Taking an attacker’s perspective with sanitized, actual scenarios he’s encountered, Bijou will provide attendees with a more realistic basis for rating the vulnerabilities he sees within US corporations.

3:00pm - Live Technology Demo

Next-generation personal-health monitoring

Before we board the bus to return from the Mayo back to the Twin Cities, we’ll get an inside look behind the technology powering many of the new personal-health monitoring solutions hitting the market. You may have seen the futuristic ads for products such as Azumio that track your every bio datum and analyze them on a smartphone app viewable by yourself, loved ones, and caregivers. The workhorse behind the scenes is often Silicon Valley-based Vital Connect, a group of former Intel chip geniuses who make the patches that enable much of this to happen. We’ve received permission to demo the product and discuss the dataflows occurring in the background so that privacy pros can get a peek into a PHI use case arriving soon to their inbox.

3:15pm - Transportation to the Twin Cities

Board bus for return to Best Buy Corporate Campus

Return transportation includes an on-board happy hour and social time.

5:00pm - Arrive at Best Buy Campus

To register for this event, go to www.twincitiesprivacy.com

3MAllianz LifeAmplifon USABest BuyBlue Cross/Blue Shield of North DakotaBluestem BrandsBoston ScientificCargillCarlson CompaniesChildren’s Hospitals of MNDeluxeDigital RiverEcolabExplore Information ServicesGander MountainGE CapitalGoodwill/Easter Seals MinnesotaHartford LifeHealth PartnersING

IrdetoKroll OntrackLand O’LakesLawson SoftwareManpowerMayo ClinicMedtronicMerrill CorpMN Teachers Retirement Ass’nNorthstar Capital MarketsPark NicolletPearson VUERBC Wealth ManagementRed Brick HealthSchwan Food CompanySecurian Financial GroupSt. Jude MedicalState of MinnesotaTargetTCF Financial Group

Thomson ReutersThree Point SolutionsThe Toro CompanyTransamerica Life InsuranceTravelersU.S. BancorpU.S. Dept. of Veterans AffairsUnitedHealth GroupUniversity of MinnesotaU.S. Marine CorpsVerifications, Inc.Wells FargoXcel EnergyAmeriprise FinancialCargillDeluxe Corp.MedtronicSt. Jude MedicalUnitedHealth GroupWellpoint

Companies that attended the last Twin Cities Privacy Network conference included:

Join your peers and industry leaders

Registration

*TCPN members are those who have in-house responsibility for their organization’s data privacy, security, or records management. Outside attorneys, consultants, and vendors are not eligible for TCPN membership. If you are not a member and would like to join, contact info@twincitiesprivacy.com. Membership is currently at no charge for qualifying individuals. Members are also encouraged to join the TCPN LinkedIn group for the latest communications.

Don’t wait!

Space is limited and many spaces are already reserved. Our events regularly sell out early, so don’t miss this opportunity.

Member Pricing:Early bird: (first 40 registrations through November 8th) - $249Standard rate: (November 9th through December 6th) - $329

Non-Member Pricing:Standard rate: (Now through December 6th) - $379

Attendees will qualify for 5.25 CPE credits