THE PRIVACY SYMPOSIUM€¦ · THE PRIVACY SYMPOSIUM SUMMER 2008 PRIVACY IN TRANSITION An Executive...

THE PRIVACY SYMPOSIUMS U M M E R 2 0 0 8

PRIVACY INTRANSITION

An Executive Education Program on Privacy and Data Security Policy and Practice

August 18–21, 2008CLASSES HELD: Sanders Theatre and Harvard Faculty Club, Harvard University, Cambridge, MA

SYMPOSIUM HOTEL: The Charles Hotel, Cambridge, MA

SponsorsAIS’s Report on Patient Privacy American Bankers AssociationAndrews Privacy Litigation Reporter BNA Data Protection Law & Policy E-Commerce Law & Policy E-Commerce Law Week Electronic Privacy InformationCenter Harvard Health Policy Review

Health Affairs Health Information Privacy/Security Alert International Security,Trust & Privacy Alliance I/S: A Journal of Law and Policy for the Information Society GigaLaw.com Physicians EHRPrivacilla.org Privacy.orgPrivacyActivism.org Privacy in Focus

Diamond Grantor

Gold Grantor

Bronze Grantor

KEYNOTE FACULTYAnn Cavoukian, PhD, Information and Privacy Commissioner, Ontario, Canada Sue Glueck, Esq., Senior Privacy Attorney, Microsoft Corporation Damon C. Greer, Office of Technology and E-Commerce, Department of Commerce Eileen Harrington, Esq., Deputy Director, Bureau of Consumer Protection, Federal Trade Commission Lance J. Hoffman, PhD, Professor, Computer Science Department, George Washington University Chris Kelly, MA, JD, Chief Privacy Officer and Head of Global Public Policy, Facebook Douglas Miller, Deputy Chief Privacy Officer and Executive Director, Consumer Advocacy, AOL Michael Phillips, Health Insurance Specialist, CMS Office of E-Health Standards and Services Lawrence A. Ponemon, PhD, Chairman and Founder, Ponemon Institute Peter J Reid, Chief Privacy Officer, EDS Martha Rogers, PhD, Partner, Peppers & Rogers Group Jeffrey Rosen, Esq., Professor of Law, George Washington University Marc Rotenberg, Esq., Executive Director, EPIC Linda Sanches, Senior Advisor, HIPAA Privacy, Office for Civil Rights Anna Slomovic, PhD, Chief Privacy Officer, Revolution Health Group Daniel J. Solove, Esq., Associate Professor of Law, George Washington University Law School Peter Swire, Esq., Professor, Moritz College of Law, Ohio State University Alan F. Westin, Professor Emeritus of Public Law and Government, Columbia University

FEATURING THE FOLLOWING TRACKS:• The New, New Thing in Privacy: Coming Challenges for Privacy Professionals • Financial Services Privacy Policy • Information Technology Privacy Policy • Consumer Privacy Policy • Advanced Issues in Domestic and Global Privacy Policy • Advanced Issues in HIPAA Privacy Compliance • Advanced Issues in HIPAA Security Compliance • Advanced HIPAA Compliance Issues Raised by Health Information Technology

www.PrivacySummerSymposium.com

HIPAASummit

www.HIPAASummit.com

THESIXTEENTHNATIONAL

ONE REGISTRATION — ATTEND TWO CONFERENCES

COLLOCATED WITH THE PRIVACYSYMPOSIUM ON THE HARVARD CAMPUS:

FEATURING PRIVACY CERTIFICATE PROGRAMThe Privacy Certificate Program offers the opportunity for attendees to engage in much greater depth with the fundamental issues of privacy policyand practice raised by the Symposium through completion of assigned readings before the Symposium, participation in a special privacy training preconference and successful completion of a postconference examination.

Privacy Journal Privacy Laws & Business Privacy Times Privacy & Data Protection SearchSecurity.comSpeech Privacy NewsTruste WEDI Wolters Kluwer Law & Business/ CCH Aspen Publishers

2

SYMPOSIUM OVERVIEW

The central theme of this year’s SummerPrivacy Symposium is “Privacy in Transition.”After four decades of privacy balances,

organizational policies, and legal/regulatory systemsgeared to successive waves of computer andtelecommunication applications by businesses andgovernment and then the Net 1.0 environment,many observers believe we have entered a dramaticnew information privacy environment. This arisesfrom a combination of developments, such as Net2.0 technology, personal mobile communicationdevices, the social networking and online self-reve-lation revolution, an increasingly voyeuristic mediaand blogger world, continuous data breaches and a global identity theft enterprise, the shrinkage of public-places anonymity, adoption of onlinebehavioral marketing, and concerns over varioushomeland security surveillance measures. Howthese developments are unfolding, whether theycan be handled effectively by adaptations of the1970 – 2004 privacy systems, or whether demo-cratic nations will need to develop a new privacyframework will be the Symposium’s key issues.

PRIVACY CERTIFICATE PROGRAMThe Privacy Symposium is offering a PrivacyCertificate Program in the form of an optionalcourse within the conference for attendees wishingto take a deeper dive into the Symposium’s subjectmatter. The Privacy Certificate Program curricu-lum and requirements are as follows: 1. Completion of preconference readings (6

hours) before arriving at the Symposium, 2. Consideration of a series of questions issued by

the Program faculty prior to the Symposium tobe thought about in conjunction with the pre-course readings,

3. Attendance of the Preconference Symposiumon Privacy Training (6 hours). Note that thepre-course readings and the questions abovewill be discussed during the PreconferenceSymposium,

4. Make best efforts to attend the completePrivacy Symposium but, in any case, attend atleast 15 educational hours of the PrivacySymposium agenda, and

5. Successful completion (with a score of seventypercent or better) of a post-conference on-lineexamination (1 hour).

Attendees who successfully complete Program requirements will receive a certificate of completion.The Privacy Symposium Privacy CertificateProgram is not a professional certification. Rather it presents the opportunity for attendees to engagein much greater depth the fundamental issues ofprivacy policy and practice raised by theSymposium through completion of readings beforethe Symposium, participation in a special privacytraining preconference and successful competitionof a postconference examination. For those interest-ed in becoming a certified privacy professional, theCertified Information Privacy Professional (CIPP)program offered by the International Association ofPrivacy Professionals (IAPP) is recommended.

PRIVACY SYMPOSIUM/HIPAA SUMMIT MORNING TRACK SESSIONS

Agenda at a Glance MONDAY, AUGUST 18, 2008 • PRECONFERENCE SYMPOSIAPRECONFERENCE I:Privacy Symposium PrivacyCertificate Program Training

PRECONFERENCE II: HIPAA SummitHIPAA Academy (CHP, CHSS™ ANDCHA™) Professional CertificationTraining

PRECONFERENCE III: HIPAA SummitHealth IT Certification (CPEHR,CPHIT and CPHIE) ProfessionalCertification Training

PRIVACY SYMPOSIUM AFTERNOON PLENARY SESSION• The Future of Privacy Breaches: Report

on the Privacy Breach Index (PBI) Survey

• A New Framework for Understanding Privacy

• Department of Commerce Privacy Policy Update

• The Future of Privacy and Behavioral Marketing

• Emerging Privacy Challenges: Social Networking

• Emerging Privacy Challenges: Privacy and Civil Liberties

HIPAA SUMMIT AFTERNOON PLENARY SESSION• Transactions, Code Sets and Identifiers (NPI) Update

• OCR Update on HIPAA Privacy Regulation

• CMS Update on HIPAA Security Regulation

• Lessons Learned: How to Prepare and Respond to a HIPAA Security Audit

• The Role of the NCVHS in Healthcare Privacy and Security Policy

• Healthcare Privacy: The Perspective of a Privacy Advocate

TUESDAY, AUGUST 19, 2008PRIVACY SYMPOSIUM/HIPAA SUMMIT JOINT OPENING PLENARY SESSION• Welcome and Introduction to Morning of Day 1: Privacy in Transition

• A Socratic Dialogue: Why are we here? What do we want to learn?

• Transformational Technologies and the Changing Privacy Landscape

• Is Privacy Policy Working in the Healthcare Sector?

• Privacy Prospects in the New Online Personal Health Record World

• Giving Patients Control Over Uses of their Health Information

LUNCH AT THE HARVARD FACULTY CLUB

WEDNESDAY, AUGUST 20, 2008

PRIVACY SYMPOSIUM MORNING PLENARY SESSION• Introduction and A Brief Overview of EPIC’s “Privacy ‘08” Initiative:

Placing Privacy Policy in the Midst of the Presidential Campaign

• The Future of Privacy: Exposure in a Networked Age

• Identity Crisis: How Identification is Overused and Misunderstood

• The New, New Thing in Privacy

• Roundtable on the Evolving Role of Privacy Advocacy

• The Future of Privacy May Lie in Transformative Technologies: Positive Sum, Not Zero Sum

• Privacy in Transition: The International Perspective

HIPAA SUMMIT MORNING TRACK SESSIONS• Advanced Issues in

HIPAA Privacy Compliance

• Advanced Issues in HIPAA Transactions, Code Sets and Identifier Compliance

THURSDAY, AUGUST 21, 2008PRIVACY SYMPOSIUM/HIPAA SUMMIT JOINT CLOSING PLENARY SESSION• Predicting Privacy Priorities for the New President

• Congressional Staff Privacy Policy Roundtable

• Federal Trade Commission Privacy Policy Regulatory Update

• Department of Homeland Security Privacy Policy Update

• Update from the National Association of Attorneys General Privacy Working Group

• Non-HIPAA Governmental Regulation of Healthcare Privacy and Security

The New,New Thingin Privacy:ComingChallengesfor PrivacyProfessionals

FinancialServices andInformationTechnologyPrivacy Policy

ConsumerPrivacyPolicy

AdvancedIssues inDomesticand GlobalPrivacyPolicy

AdvancedIssues inHIPAASecurityCompliance

AdvancedHIPAAComplianceIssuesRaised byHealthInformationTechnology

NETWORKING RECEPTION AT ANNENBERG HALL, HARVARD UNIVERSITY

3

Privacy Symposium1:00 pm PRECONFERENCE I: PRIVACY SYMPOSIUM

PRIVACY CERTIFICATE PROGRAM TRAINING(Note: This session is mandatory for those participating in the PrivacyCertificate Program)

1:00 pm Welcome and Overview of the Privacy Certificate ProgramAlan F. Westin, PhD, Professor Emeritus of Public Law and Government,Columbia University, Principal, Privacy Consulting Group, Washington, DC

CONTEXT1:15 pm The Notion of Privacy in Historical PerspectiveAlan F. Westin, PhD, Professor Emeritus of Public Law and Government,Columbia University, Principal, Privacy Consulting Group, Washington, DC

1:45 pm Privacy in the United Sates: Constitutional and Regulatory Framework

Robert R. Belair, Esq., Founding Partner, Oldaker, Biden and Belair, FormerDeputy Counsel, White House Privacy Committee, Ford Administration,Washington, DC

2:15 pm Privacy in International PerspectiveMartin Abrams, MA, Senior Policy Advisor and Executive Director, Centerfor Information Policy Leadership, Hunton & Williams LLP, Washington, DC

GROUP WORK2:45 pm Discussion of Preconference ReadingsArthur Miller, Esq., Professor, New York University Law School, FormerBruce Bromley Professor of Law, Harvard Law School, New York, NY

3:15 pm Networking Break

PRIVACY IN PRACTICE3:30 pm How Privacy Relates to SecurityBrian Tretick, CIPP, Executive Director, IT Enablement Center, Ernst & Young, McLean, VA

4:00 pm What it Means to be a Privacy ProfessionalLawrence A. Ponemon, PhD, Chairman and Founder, Ponemon Institute,Adjunct Professor of Ethics and Privacy, CIO Institute, Carnegie MellonUniversity, Traverse City, MI

4:30 pm Alternatives for Professional Certification: CIPP, CISSP, etc.

4:45 pm Networking Break

GROUP WORK5:00 pm Small Groups Hypothetical Case Studies

Facilitated by Privacy Symposium Faculty

NEXT STEPS6:00 pm How to Take the Best Advantage of the Next Three Days;

Preparing for the Privacy Certificate ProgramPostconference Exam

Alan F. Westin, Professor Emeritus of Public Law and Government,Columbia University, Principal, Privacy Consulting Group, Washington, DC

6:30 pm Adjournment

HIPAA Summit8:00 am HIPAA SUMMIT PRECONFERENCE II: HIPAA ACADEMY (CHP,

CHSS™ AND CHA™) PROFESSIONAL CERTIFICATION TRAINING

8:00 am Introduction and OverviewUday O. Ali Pabrai, CISSP, CHSS, Chief Executive and Co founder, HIPAA Academy, Newport Beach, CA

8:15 am Introduction to HIPAAPaul T. Smith, Esq., Partner and Co chair, HIT/HIPAA Practice, Davis Wright Tremaine LLP, San Francisco, CA

Lorna L. Waggoner, Director, HIPAA Academy, Waukee, IA

10:00 am Break

10:15 am Introduction to HIPAA Privacy Paul T. Smith, Esq. and Lorna L. Waggoner

Noon Lunch on Your Own

1:00 pm Advanced HIPAA Privacy TopicsPaul T. Smith, Esq. and Lorna L. Waggoner

2:45 pm Break

3:00 pm Introduction to HIPAA SecurityPaul T. Smith, Esq. and Lorna L. Waggoner

4:45 pm Discussion

5:00 pm Adjournment

8:00 am HIPAA SUMMIT PRECONFERENCE III: HEALTH IT CERTIFICATION (CPEHR, CPHIT AND CPHIE)PROFESSIONAL CERTIFICATION TRAINING

8:00 am Introduction and OverviewSteven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS, President, BoundaryInformation Group, Member, Board of Examiners, Health IT Certification,LLC, Past Chair, WEDI, Denver, CO (Co chair)

8:15 am Overview of Health Information Technology (HIT), ElectronicHealth Records (EHR), and Health Information Exchange (HIE)

William R. Braithwaite, MD, PhD, President, Health Information PolicyConsulting, Former Senior Vice President, and Chief Medical Officer, eHealthInitiative, Former Senior Advisor on Health Information Policy, Department ofHealth and Human Services, Washington, DC

10:00 am Break

10:15 am Legal and Regulatory Aspects of HIT, EHR, and HIEPaul T. Smith, Esq., Partner and Co chair, HIT/HIPAA Practice, Davis Wright Tremaine LLP, San Francisco, CA

Noon Lunch on Your Own

1:00 pm HIT, HIE and EHR Migration PathsMargret Amatayakul, MBA, RHIA, CPEHR, CPHIT, CHPS, FHIMSS,President, Margret\A Consulting, LLC, Adjunct Faculty in Health Informatics,College of St. Scholastica, Former Executive Director, Computer-based PatientRecord Institute, Former Associate Executive Director, AHIMA, Schaumburg, IL

2:45 pm Break

3:00 pm Change Management for HIT, HIE and EHRSteven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS, President, BoundaryInformation Group, Member, Board of Examiners, Health IT Certification, LLC,Past Chair, WEDI, Denver, CO

4:45 pm Discussion

5:00 pm Adjournment

AGENDA: MONDAY, AUGUST 18, 20087:00 am Registration Commences at Memorial Hall Transept

Optional Preconference Symposia (Choose one of three)

4

Morning Day 1: Privacy Symposium/HIPAA Summit Joint Plenary Session7:00 am Registration in Memorial Hall Transept, Harvard University

8:00 am Welcome and Introduction to Morning of Day 1: Privacy in Transition: What’s Next?Alan F. Westin, PhD, Principal, Privacy Consulting Group, Professor Emeritus of Public Law andGovernment, Columbia University, Washington, DC (Co chair)

8:30 am A Socratic Dialogue: Why Are We Here? What Do We Want to Learn?Arthur Miller, Esq., Professor, New York University Law School, Former Bruce Bromley Professor of Law,Harvard Law School, New York, NY

9:00 am Keynote AddressBarney Frank (D-MA) (Invited), United States House of Representatives, Washington, DC

9:30 am Transformational Technologies and the Changing Privacy LandscapeBrian Tretick, Executive Director, IT Enablement Center, Ernst & Young LLP, McLean, VA

10:00 am Roundtable on Privacy in Transition: Healthcare Case Study — Is Privacy Policy Working in the Healthcare Sector?

William R. Braithwaite, MD, PhD, President, Health Information Policy Consulting, Former SeniorVice President, and Chief Medical Officer, eHealth Initiative, Former Senior Advisor on HealthInformation Policy, Department of Health and Human Services, Washington, DC

John Glaser (Invited), Vice President and Chief Information Officer, Partners HealthCare System, Inc.,Founding Chairman, CHIME, Past President, HIMSS, Boston, MA

Deborah C. Peel, MD, Psychiatrist and Medical Privacy Expert, Founder and Chair, Patient PrivacyRights, and the Coalition for Patient Privacy, HIPAA Summit Distinguished Service Award Winner,Austin, TX

Michael Phillips, Health Insurance Specialist, Office of E-Health Standards and Services, Centers forMedicare and Medicaid Services, United States Department of Health and Human Services, Washington, DC

Linda Sanches, Senior Advisor, HIPAA Privacy Outreach & Training, Office for Civil Rights,Department of Health and Human Services, Washington, DC

James D. Whicker, CPAM, Director of EDI, Revenue Cycle, Intermountain Healthcare, Chair, WEDI, Salt Lake City, UT

Gerry Hinkley, Esq., Partner and Chair, Health Information Technology Practice, Davis WrightTremaine, Member, HIMSS HIE Steering Committee, CCHIT Privacy Expert Panel and, Connectingfor Health Policy Subcommittee, San Francisco, CA (Moderator)

11:00 am Break

11:15 am Privacy and Technology: Privacy Prospects in the New Online Personal Health Record World

Dan Christensen, Esq., General Counsel and Corporate Secretary, Dossia, Portland, OR

Matthew A. Kaminer, Esq., Vice-President, Assistant General Counsel, and Chief Privacy Officer, WebMD Health Corp, New York, NY

Jerry Lin, Product Manager, Google Health, Mountain View, CA

Anna Slomovic, PhD, Chief Privacy Officer, Revolution Health, Washington, DC

Michael Stokes, Health Privacy Officer, Microsoft Corporation, Redmond, WA

Alan F. Westin, PhD, Principal, Privacy Consulting Group, Professor Emeritus of Public Law and Government, Columbia University, Washington, DC (Moderator)

Noon Privacy and Technology: Giving Patients Control Over Uses of their Health Information

Richard S. Dick, PhD, Founder, You Take Control, Inc., Co author, The Computer-based PatientRecord: An Essential Technology for Healthcare, Alpine, UT

Robert H. Shelton, Founder and Chief Executive Officer, Private Access, Aliso Viejo, CA


12:30 pm Networking Lunch at Harvard Faculty Club

AGENDA: TUESDAY, AUGUST 19, 2008WHO SHOULDATTENDChief Executive Officers

Chief Operating Officers

Chief Privacy Officers

Chief Security Officers

Chief Technology Officers

Chief Financial Officers

Compliance Officers

Corporate Counsel

Ethics Officers

Risk Managers

Attorneys

Financial Services Executives

E-Commerce Executives

Marketing Managers

Data Managers

Consultants

Government Agency Employees

Information Technology Managers

HIPAA Project Managers

GLB Project Managers

Executive Recruiters

Government Contractors

Privacy Policy Experts

Journalists

Academics

SYMPOSIUM HOTELThe newly renovated Charles Hotel combinesclassic New England design and sophisticatedservice located in the heart of Harvard Square,just minutes from downtown Boston. TheCharles Hotel has become the home away fromhome for internationally renowned businessleaders, government officials, entertainmentexecutives and leisure travelers.

5

Afternoon Day 1: Privacy SymposiumPlenary Session: Privacy in Transition1:45 pm Introduction and Reflections The Future of Privacy Breaches:

Report on the Privacy Breach Index (PBI) SurveyLawrence A. Ponemon, PhD, Chairman and Founder, Ponemon Institute, Adjunct Professor ofEthics and Privacy, CIO Institute, Carnegie Mellon University, Traverse City, MI (Co chair)

2:15 pm A New Framework for Understanding PrivacyDaniel J. Solove, Esq., Associate Professor of Law, George Washington University Law School,Author, Understanding Privacy; Information Privacy Law; The Future of Reputation:Gossip, Rumor, and Privacy on the Internet; and The Digital Person: Technology andPrivacy in the Information Age, Washington, DC

2:45 pm Department of Commerce Privacy Policy UpdateDamon C. Greer, Office of Technology and E-Commerce, International Trade Administration,Department of Commerce, Washington, DC

3:15 pm The Future of Privacy and Behavioral MarketingFran Maier, MBA, Executive Director and President, TRUSTe, San Francisco, CA

Martha Rogers, PhD, Partner, Peppers & Rogers Group, Author, The One to One Future,Enterprise One to One and Managing Customer Relationships, Bowling Green, OH


4:00 pm Break

4:30 pm Panel Discussion of Emerging Privacy Challenges: Social NetworkingSusan B. Barnes, MFA, PhD, Professor, Department of Communication, Associate Director,Lab for Social Computing, Rochester Institute of Technology, Author, Online Connections: InternetInterpersonal Relationships and Computer-Mediated Communication: Human to HumanCommunication Across the Internet, Rochester, NY

Chris Kelly, MA, JD, Chief Privacy Officer and Head of Global Public Policy, Facebook, Former Chief Privacy Officer, Excite@Home, Kendara and Spoke Software, Palo Alto, CA

Tracy Mitrano, JD, PhD, Director of IT Policy, Cornell University, Director, Institute forComputer Policy and Law Program, Cornell University, Author, A Wider World: Youth,Privacy, and Social Networking Technologies, EDUCAUSE Review, Ithaca, NY

Hemanshu Nigam, Esq. (Invited), Chief Security Officer, Fox Interactive Media/MySpace, Former Director of Consumer Security, Outreach and Child Safe Computing, MicrosoftCorporation, Former Vice President of Worldwide Internet Enforcement, Motion PictureAssociation of America, Former Member, Vice President’s Committee on CyberStalking, Former Attorney, Criminal Division, US Department of Justice, Deputy District Attorney, LA County District Attorney’s Office, Los Angeles, CA

Bruce Johnson, Esq., Partner and Chair, Privacy Law Group, Davis Wright Tremaine, Seattle, WA (Moderator)

5:30 pm Panel Discussion of Emerging Privacy Challenges: Privacy and Civil LibertiesJim Dempsey, Esq., Vice President for Public Policy, Center for Democracy & Technology,Former Deputy Director, Center for National Security Studies, Former Assistant Counsel,Judiciary Subcommittee on Civil and Constitutional Rights, United States House ofRepresentatives, Author, Communications Privacy in the Digital Age: Revitalizing TheFederal Wiretap Laws To Enhance Privacy, Co author, Terrorism & the Constitution:Sacrificing Civil Liberties in the Name of National Security, San Francisco, CA

Jameel Jaffer, Esq., Director, National Security Project, American Civil Liberties Union, New York, NY

Alan Charles Raul, Esq., Partner, Sidley Austin LLP, Vice Chairman, Privacy and Civil LibertiesOversight Board, Former Associate Counsel to President Ronald Reagan, Washington, DC

Robert Ellis Smith, Esq., Publisher, Privacy Journal, Author, Privacy: How to Protect What’sLeft of It and Ben Franklin’s Web Site: Privacy and Curiosity from Plymouth Rock to theInternet, Providence, RI (Moderator)

6:30 pm Adjournment and Opening Networking Reception at Annenberg Hall

Afternoon Day 1:HIPAA SummitPlenary Session1:45 pm Introduction to Afternoon of Day IIAlan S. Goldberg, JD, LLM, Attorney & Counsellor at Law,Adjunct Professor of Law, Suffolk University, and University ofMaryland, Past President and Fellow, American Health LawyersAssociation, Washington, DC (Co chair)

2:00 pm Transactions, Code Sets and Identifiers (NPI)Update

James D. Whicker, CPAM, Director of EDI, Revenue Cycle,Intermountain Healthcare, Chair, WEDI, Salt Lake City,UT

2:45 pm OCR Update on HIPAA Privacy Regulation

Linda Sanches, Senior Advisor, HIPAA Privacy Outreach &Training, Office for Civil Rights, Department of Health andHuman Services, Washington, DC

3:30 pm CMS Update on HIPAA Security Regulation

Michael Phillips, Health Insurance Specialist, Office of E-Health Standards and Services, Centers for Medicare andMedicaid Services, United States Department of Health andHuman Services, Washington, DC

4:15 pm Break

4:30 pm Lessons Learned from the PiedmontHealthcare HIPAA Security Audit

Nadia Fahim-Koster, MBA, CHPS, CISSP, InformationSecurity Director, Piedmont Healthcare, Atlanta, GA

Ken Schwartz, Vice President of Compliance, PiedmontHealthcare, Inc., Atlanta, GA

5:00 pm How to Prepare and Respond to a HIPAA Security Audit

Cliff Baker, Director, Health Information Technology,PricewaterhouseCoopers, Atlanta, GA

5:30 pm The Role of the National Committee on Vital and Health Statistics in HealthcarePrivacy and Security Policy

Harry L. Reynolds, Jr., Vice President of HIPAA, and Informa-tion Compliance Officer, Blue Cross & Blue Shield of NorthCarolina, Inc., Chair Elect, National Committee on Vital andHealth Statistics, Chair, Committee on Operating Rules forInformation Exchange (CORE) of CAQH, Durham, NC

6:00 pm Healthcare Privacy: The Perspective of a Privacy Advocate

Deborah C. Peel, MD, Psychiatrist and Medical PrivacyExpert, Founder and Chair, Patient Privacy Rights, and theCoalition for Patient Privacy, HIPAA Summit DistinguishedService Award Winner, Austin, TX

Deven McGraw, Esq., Director, Health Privacy Project,Center for Democracy & Technology, Co chair, Confidentiality,Privacy and Security Workgroup, American Health InformationCommunity, Former Chief Operating Officer, NationalPartnership for Women & Families, Washington, DC

6:45 pm Adjournment and OpeningNetworking Receptionat Annenberg Hall

TUESDAY, AUGUST 19, 2008

6

Morning Day 1I: PrivacySymposium Plenary Session:Privacy in Transition8:00 am Introduction and A Brief Overview of EPIC’s “Privacy ‘08”

Initiative: Placing Privacy Policy in the Midst of thePresidential Campaign

Marc Rotenberg, Esq., Executive Director, EPIC, Adjunct Professor,Georgetown University Law Center, Co author, Information Privacy Law,Washington, DC (Co chair)

8:30 am The Future of Privacy: Exposure in a Networked AgeJeffrey Rosen, Esq., Professor of Law, George Washington University, Legal Affairs Editor, The New Republic, Author, The Unwanted Gaze: The Destruction of Privacy in America, Washington, DC

9:00 am The New, New Thing in PrivacyJames Koenig, CIPP, Practice Leader, Privacy Strategy and Compliance,PricewaterhouseCoopers, Privacy Council, Direct Marketing Association,Former General Counsel, International Association of Privacy Professionals,Philadelphia, PA

9:30 am Roundtable on the Evolving Role of Privacy AdvocacyLillie Coney, Associate Director, EPIC, and Coordinator, Privacy Coalition,Washington, DC

Beth Givens, MLS, MA, Founder and Director, Privacy RightsClearinghouse, Author, The Privacy Rights Handbook: How to TakeControl of Your Personal Information, Co author, Privacy Piracy: A Guideto Protecting Yourself from Identity Theft, San Diego, CA

Chris Hoofnagle, Esq., Senior Staff Attorney, Samuelson Law, Technology & Public Policy Clinic, Senior Fellow, Berkeley Center for Law & Technology,Boalt Hall School of Law University of California, Berkeley, Former SeniorCounsel, Electronic Privacy Information Center Berkeley, CA

Deven McGraw, Esq., Director, Health Privacy Project, Center for Democracy& Technology, Co chair, Confidentiality, Privacy and Security Workgroup,American Health Information Community, Former Chief Operating Officer,National Partnership for Women & Families, Washington, DC

Robert Ellis Smith, Esq., Publisher, Privacy Journal, Author, Privacy: Howto Protect What’s Left of It and Ben Franklin’s Web Site: Privacy andCuriosity from Plymouth Rock to the Internet, Providence, RI (Moderator)

10:30 am Break

11:00 am The Future of Privacy May Lie in TransformativeTechnologies: Positive Sum, Not Zero Sum

Ann Cavoukian, PhD, Information and Privacy Commissioner, Ontario,Author, The Privacy Payoff: How Successful Businesses Build CustomerTrust, Ontario, Canada

11:30 am Privacy in Transition: The International PerspectiveAnn Cavoukian, PhD, Information and Privacy Commissioner, Ontario,Author, The Privacy Payoff: How Successful Businesses Build CustomerTrust, Ontario, Canada

Morning Day 1I: HIPAA SummitTrack SessionsHIPAA SUMMIT MORNING TRACK I: ADVANCEDISSUES IN HIPAA PRIVACY COMPLIANCE

8:00 am Introduction and Overview; Inquiring Minds Want to Know:Curious Employees who Misuse Patient Information

Thomas Jeffry, Jr., Partner, Davis Wright Tremaine, Los Angeles, CA (Co chair)

8:30 am Privacy as a Cultural PhenomenonSusan E. Mazer, President and Chief Executive Officer, Healing HealthCareSystems, Inc., Reno, NV

9:00 am Planning Ahead—How will you Respond to a Privacy BreachInvolving Thousands of Patients at Your Facility

David J. Behinfar, JD, LLM, HIPAA Compliance Manager, University ofFlorida Jacksonville Healthcare, Inc., Jacksonville, FL

9:30 am HIPAA Privacy and Security Issues in Sharing ImmunizationData for Children in the Metropolitan Area

Susan A. Miller, Esq., Assistant Program Manager, NJ-HISPC, ChiefOperations Officer, Chief Privacy Officer, HealthTransactions.com, Lowell, MA

10:00 am Break

10:30 am Speech Privacy: What WEDI, AIA, AHA and USGBC SayWilliam Cavanaugh, FASA, INCE Bd Cert, Founding Director, ArchitecturalAcoustics, Bolt Beranek & Newman, Co-founder and Editor, ANSI S12Workgroup 44, Cambridge, MA

Kurt A. Rockstroh, AIA, ACHA, President and Chief Executive Officer,Steffian Bradley Architects, Co chair, Health Guidelines Revision Committee,Facility Guidelines Institute (AIA), Boston, MA

David M. Sykes, Co chair, ANSI S12 Workgroup 44, Cambridge, MA

11:30 am Trained to Boredom: Strategies for Making HIPAA TrainingRelevant and Memorable in Ensuring Compliance

Brandon Ho, HIPAA Compliance Specialist, US Army Medical Command,Pacific Regional Medical Command Tripler AMC, Honolulu, HI

Noon HIPAA Privacy Rule Violation: A Case StudySarah Ingersoll, RN, MS, MBA, Vice President and Director of CaseManagement, PlanetHospital, Clinical Instructor, Keck School of Medicine,University of Southern California, Pasadena, CA

12:30 pm Networking Luncheon (Annenberg Hall)

HIPAA SUMMIT MORNING TRACK II: ADVANCEDISSUES IN HIPAA TRANSACTIONS, CODES SETSAND IDENTIFIER COMPLIANCE

8:00 am Introduction and Overview: Overview of Transactions and Code Sets and the National Provider Identifier (NPI)

Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS, President, BoundaryInformation Group, Member, Board of Examiners, Health IT Certification,LLC, Past Chair, WEDI, Denver, CO (Co chair)

8:30 am HIPAA Transactions—The Next GenerationsDavid A. Feinberg, CDP, President, Rensis Corporation, Seattle, WA

9:15 am Transactions, Code Sets and Identifiers Compliance: Demystifying the Healthcare Claim Attachments

Gary A. Beatty, President, EC Integrity, Inc., Past Chair, X12N InsuranceSubcommittee, Stewartville, MN

10:00 am Break

AGENDA: WEDNESDAY, AUGUST 20, 2008

Sessions Continued on Page 7

SessionsContinuedon Page 7

© 2

008

Dan

iel L

oise

lle/iS

tock

7

Noon Networking Luncheon at Annenberg Hall

Afternoon Day 1I: Privacy Symposium and HIPAA SummitTrack SessionsPRIVACY SYMPOSIUM AFTERNOON TRACK I:THE NEW, NEW THING IN PRIVACY: COMINGCHALLENGES FOR PRIVACY PROFESSIONALS Part I: Introduction to the New Privacy Environment

1:30 pm Overview of the New Privacy EnvironmentJames Koenig, CIPP, Practice Leader, Privacy Strategy and Compliance,PricewaterhouseCoopers, Privacy Council, Direct Marketing Association,Former General Counsel, International Association of Privacy Professionals,Philadelphia, PA (Co chair)

Part II: New and Emerging Privacy Challenges and Risks

2:00 pm Better Privacy Through Identity ManagementJim McCabe, Director, Consumer Relations and IDSP, American NationalStandards Institute, New York, NY

2:30 pm Bringing Administrative, Legal and Technology Controls Together

Lance J. Hoffman, PhD, Distinguished Research Professor, ComputerScience Department, George Washington University, Founder and SeniorStaff Researcher, Cyberspace Security Policy and Research Institute,Washington, DC

Part III:The Role of Technology in the New Privacy Environment

3:00 pm From Privacy-Enabled Technology to Privacy-EnabledArchitecture

Stuart Shapiro, PhD, Principal Information Privacy and Security Engineer,The MITRE Corporation, Co editor, U.S. Government Privacy: EssentialPolicies and Practices for Privacy Professionals, Bedford, MA

3:30 pm Managing Risks in Emergent Telecommuting Scenarios Sagi Leizerov, PhD, Senior Manager, IT Enablement Center, Ernst & Young LLP, McLean, VA

4:00 pm Break

Part IV: New Approaches and Frameworks for Privacy Professionals to Manage Risk

4:30 pm Corporate Reputation, Not Regulation: The Case for Creating a Culture of Privacy

Mitchell Merowitz, Chief Privacy Officer, AIR MILES Rewards Program,Alliance Data Loyalty Services, Toronto, ON, Canada

Stewart Dresner, Chief Executive, Privacy Laws and Business, Founder and First Chairman, UK’s Data Protection Forum, Harrow, UK

Stephen Lau, Chairman, EDS Hong Kong, Former Privacy Commissioner,Hong Kong, Hong Kong, China

Martin Abrams, MA, Senior Policy Advisor and Executive Director, Center for Information Policy Leadership, Hunton & Williams LLP,Washington, DC (Moderator)

10:30 am NPI Implementation Update and ICD 10 ImplementationWalter G. Suarez, MD, MPH, President & Chief Executive Officer, Institute for HIPAA/HIT Education and Research, President, Public Health Data Standards Consortium, Alexandria, VA

11:15 am The New Standard Health Identification Card and the ISO Standard US Healthcare Identifier

Peter Barry, Chief Executive Officer, Enumeron, Co-chair, WEDI Workgroup for National Provider Identifier Implementation, Naples, FL

Privacy Plenary Continued HIPAA Tracks Continued

HIPAA SUMMIT AFTERNOON TRACK I:ADVANCED ISSUES IN HIPAA SECURITYCOMPLIANCE

1:30 pm Introduction and Overview John C. Parmigiani, President, John C. Parmigiani and Associates, LLC,Former Director of Enterprise Standards, HCFA, Ellicott City, MD (Co chair)

2:00 pm Information Security In A Health Care EnvironmentWalter Padworski, Information Security Officer, Frankford Hospitals,Langhorne, PA

2:45 pm Out of Sight, Out of Mind: Risks of Working OffsiteKate Borten, CISSP, CISM, President, The Marblehead Group, Former Chief Information Security Officer, Beth Israel Deaconess Medical Center and CareGroup, Author, HIPAA Security Made Simple and Guide to HIPAA Security Risk Analysis, Marblehead, MA

3:30 pm Pulling It All Together for Secure Health InformationTechnology (HIE)

Holt Anderson, Executive Director, North Carolina Healthcare, Information& Communications Alliance, Inc. (NCHICA), Research Triangle Park, NC

4:15 pm Break

4:45 pm Risk Assessment: Key to a Successful Risk Management Program

Timothy H. Rearick, MBA, Affiliate Consultant, North Highland, Former Program Director, State of Florida’s Health Insurance Portability and Accountability Act, Tallahassee, FL

5:30 pm HITSP Interoperable Standards for Privacy and SecurityWalter G. Suarez, MD, MPH, President and Chief Executive Officer,Institute for HIPAA/HIT Education and Research, Co chair, HITSPSecurity, Privacy and Infrastructure Technical Committee, Alexandria, VA

6:15 pm Adjournment

Sessions Continued on Page 8Sessions Continued on Page 8


Noon Networking Luncheon at Annenberg Hall

8

HIPAA SUMMIT AFTERNOON TRACK II:ADVANCED HIPAA COMPLIANCE CHALLENGESRAISED BY HEALTH INFORMATIONTECHNOLOGY

1:30 pm Introduction and Overview of HIT Privacy and Security IssuesGerry Hinkley, Esq., Partner and Chair, Health Information TechnologyPractice, Davis Wright Tremaine, Member, HIMSS HIE Steering Committee,CCHIT Privacy Expert Panel and Connecting for Health PolicySubcommittee, San Francisco, CA (Co chair)

2:00 pm Advancing Interoperability: The CAQH CORE Phase II Rules—More Eligibility Data in Real Time

Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS, President, BoundaryInformation Group, Member, Board of Examiners, Health IT Certification,LLC, Past Chair, WEDI, Denver, CO

Morgan Tackett, MHA, CPHIT, Director, Electronic Solutions, Blue CrossBlue Shield North Carolina, Durham, NC

2:45 pm eHI Consensus Legislation Project: Engaging Consumers onPrivacy

Christine Bechtel, Vice President/Public Policy-Government Relations,eHealth Initiative, Washington, DC

Gerry Hinkley, Esq., Partner and Chair, Health Information TechnologyPractice, Davis Wright Tremaine, Member, HIMSS HIE Steering Committee,CCHIT Privacy Expert Panel and Connecting for Health PolicySubcommittee, San Francisco, CA

3:30 pm Break

4:00 pm Defining the Legal Electronic Health Record: Privacy and Practical Concerns

Barry S. Herrin, JD, FACHE, Partner, Smith Moore LLP, Atlanta, GA

4:45 pm When Is Personal Health Record the Legal Health Record?Privacy and Legal Implications

Joan Beach, Privacy Official, Catholic Healthcare West, Sacramento, CA

5:30 pm Privacy and Genomics Peter Blenkinsop, Esq., Secretariat and Legal Counsel, InternationalPharmaceutical Privacy Consortium, Washington, DC

6:15 pm Adjournment

Privacy Tracks Continued HIPAA Tracks Continued

5:00 pm Making Privacy OperationalMichael Willett, PhD, Senior Director, Seagate Research, Chair, PrivacyFramework Project, International Security, Trust, and Privacy Alliance,Raleigh, NCJohn Sabo, CISSP, Manager: Security, Privacy, Trust Initiatives, ComputerAssociates, President, International Security, Trust, and Privacy AllianceMember, Information Security and Privacy Advisory Board, Islandia, NY

5:30 pm Transferring Risk of a Privacy EventPaul Paray, Underwriting Director, CNA Financial, New York, NY

6:00 pm Adjournment

PRIVACY SYMPOSIUM AFTERNOON TRACK II:FINANCIAL SERVICES AND INFORMATIONTECHNOLOGY PRIVACY POLICY

1:30 pm Introduction and Overview of Financial Services Privacy:Synthesizing Financial Services Industry Privacy

David Medine, Esq., Partner, WilmerHale, Former Associate Director for Financial Practices, Office of Consumer Protection, Federal TradeCommission, Former Senior Advisor, National Economic Council, The White House, Washington, DC (Co chair)

2:00 pm Losing Control: Understanding the Value of Privacy after a Breach

Christopher T. Pierson, Senior Vice President and Chief Privacy Officer,Citizens Financial Group, Inc., Providence, RI

2:30 pm New Identity Theft Red Flag Rules: What Is New and HowLeading Companies are Integrating into Existing Processes

Lael Bellamy, Esq. (Invited), Chief Counsel, ING, Former Privacy Officer,Home DepotLydia Payne-Johnson, Manager, Financial Services Privacy Practice,PricewaterhouseCoopers, Former Chief Privacy Officer, Morgan Stanley, New York, NYPeter Rabinowitz, Director, Financial Services Privacy Practice,PricewaterhouseCoopers, Philadelphia, PA

3:00 pm Understanding Enterprise Privacy Compliance Processes forthe Financial Services Industry

Karen Hult, PhD, Assistant Professor, Department of Political Science,Virginia Tech, Blacksburg, VA

Anne Meredith Khademian, PhD, Assistant Professor, Center for PublicAdministration and Policy, Virginia Tech University, Alexandria, VA

James F. Wolf, PhD, President and Professor, Biomedical Sciences, Edward ViaVirginia College of Osteopathic Medicine, Blacksburg, VA

Lawrence A. Ponemon, PhD, Chairman and Founder, Ponemon Institute,Adjunct Professor of Ethics and Privacy, CIO Institute, Carnegie MellonUniversity, Traverse City, MI

3:45 pm Break

4:15 pm Information Technology Privacy Regulatory UpdateDouglas Miller, Deputy Chief Privacy Officer, and Executive Director,Consumer Advocacy, AOL, Dulles, VA

5:00 pm Data Breaches: Security and Privacy Lessons LearnedSue Glueck, Esq., Senior Attorney, Microsoft Corporation, Redmond, WA

Adam Shostack, Senior Security Program Manager, Security DevelopmentLifecycle, Microsoft Corporation, Redmond, WA

5:45 pm Turning the Tables: How Targeted Marketing by BroadbandService Providers Will Disrupt the Google Advertising Model—Privacy Implications

Yaron Dori, Esq., Partner, Hogan & Hartson LLP, Washington, DC

6:15 pm Adjournment Sessions Continued on Page 9


Annenberg Hall

9

PRIVACY SYMPOSIUM AFTERNOON TRACK III:CONSUMER PRIVACY POLICY1:30 pm Introduction and Overview Martin Abrams, MA, Senior Policy Advisor and Executive Director, Center for Information Policy Leadership, Hunton & Williams LLP,Washington, DC (Co chair)

Charlene Brownlee, Esq., Partner, Davis Wright Tremaine, Co author,Privacy Law, Seattle, WA (Co chair)

2:00 pm You Want What?—Practical Considerations in and Strategiesfor Sharing Personal Data in the Information Age

Deb Hampson, Esq., Assistant Vice President and Assistant GeneralCounsel, The Hartford, Simsbury, CT

Nell Walker, Esq., Assistant Vice President, Senior Counsel, and AssistantPrivacy Officer, Unum Group, Portland, ME

2:30 pm Is There a Conflict Between Fighting Identity Fraud and Protecting Privacy Rights?

Jim Dempsey, Esq., Vice President for Public Policy, Center for Democracy &Technology, Former Deputy Director, Center for National Security Studies,Former Assistant Counsel, Judiciary Subcommittee on Civil andConstitutional Rights, United States House of Representatives, Author,Communications Privacy in the Digital Age: Revitalizing the FederalWiretap Laws to Enhance Privacy, Co author, Terrorism & theConstitution: Sacrificing Civil Liberties in the Name of National Security,San Francisco, CAOri Eisen, Founder, Chairman and Chief Innovation Officer, The 41stParameter, Former Worldwide Fraud Director, American Express, FormerDirector of Fraud Prevention, VeriSign/Network Solutions, Scottsdale, AZJameel Jaffer, Esq., Director, National Security Project, American CivilLiberties Union, New York, NYThomas Oscherwitz, Esq., Vice President of Government Affairs and Chief Privacy Officer, ID Analytics, Inc., Former Counsel to Senator Dianne Feinstein (D-Cal.) and Staff, Judiciary Subcommittee on Terrorism,Technology, and Homeland Security, United States Senate, San Diego, CARandy Gainer, Esq., Partner, Davis Wright Tremaine, Author, The NSA’sInterception of Emails and Phone Calls in the U.S. is Unlawful, Journalof Internet Law, Seattle, WA (Moderator)

3:30 pm Break

4:00 pm Enterprise-Wide Approaches to Identity Theft Identification,Reduction, and Response

Kristofor O’Neal, CIPP, Associate, Booz Allen Hamilton, Co author, NIST Special Publication 800-35, Guide to InformationTechnology Security Services, McLean, VADaniel Steinberg, CIPP, Associate, Booz Allen Hamilton, McLean, VA

4:30 pm Privacy: Pre- and Post-BreachJay Foley, Executive Director, Identity Theft Resource Center, San Diego, CA

5:00 pm Consumer Attitudes Toward Behavioral TargetingCarolyn Hodge, MBA, Vice President of Communications, TRUSTe, San Francisco, CA

6:00 pm Adjournment

PRIVACY SYMPOSIUM AFTERNOON TRACK IV:ADVANCED ISSUES IN DOMESTIC ANDGLOBAL PRIVACY AND SECURITY POLICY1:30 pm IntroductionPeter J. Reid, Chief Privacy Officer, EDS, Plano, TX (Co chair)

2:00 pm Data Privacy . . . The Internal Threat of Which You May Not be Aware

Eric Offenberg, CIPP, World Wide Product Marketing Manager, IBM,Princeton, NJ

2:30 pm Understanding Privacy Regulatory Restrictions on TransBorder Data Flow

Peter J. Reid, Chief Privacy Officer, EDS, Plano, TX

3:00 pm Data Privacy and Corporate GovernanceStephen Lau, Chairman, EDS Hong Kong, Former Privacy Commissioner,Hong Kong, Hong Kong, China

3:30 pm Break

4:30 pm Developing an Enterprise Wide Privacy and Data SecurityTraining Program

Ross T. Janssen, Esq., CIPP, University Privacy and Security Officer,University of Minnesota, Minneapolis, MNJohn Jensen, Assistant Director of Privacy and Security, University ofMinnesota, Minneapolis, MN

5:00 pm Using Safe Harbor to Develop an Integrated, Global Assessment Approach

Laurie A. Smaldon, Manager, Privacy and Identity Theft Practice,PricewaterhouseCoopers, New York, NY

Dean Forbes (Invited), Senior Director, Global Office of Privacy, Schering-Plough, Kenilworth, NJ

5:30 pm Impacts on Practices and Controls from the New Financial Privacy Rules

Julianne Inozemcev, Partner, Financial Services Organization, Ernst & Young LLP, Boston, MA

6:00 pm Adjournment

Privacy Tracks Continued


Symposium ChairsARTHUR R. MILLER is a Professor at New York UniversitySchool of Law and the former Bruce Bromley Professor of Lawat Harvard Law School and is an expert in Civil Procedure.Professor Miller was also a legal advisor for ABC’s GoodMorning America and Court TV, and the host of a weekly television show titled Miller’s Court on WCVB-TV. He was

a Faculty Fellow, Berkman Center for Internet & Society where he led theBerkman Center’s inaugural online lecture and discussion series, Privacy inCyberspace. Professor Miller is said to be the infamous Rudolph Perini, apseudonym author Scott Turow used in his autobiographical account ofHarvard Law School, One L, to describe a particularly abrasive professor.

DR. ALAN F. WESTIN is Professor of Public Law and GovernmentEmeritus at Columbia University and Co-Founder and Principal of thePrivacy Consulting Group. He has authored or edited 26 books. Professor

Westin’s major books on privacy in the early days of computers—Privacy and Freedom (1967) and Databanks in a Free Society(1972) — were pioneering works that prompted U.S. privacy legislation and helped launch global privacy movements in manydemocratic nations in the 1960’s and 70’s. Over the past fortyyears, Dr. Westin has been a member of U.S. federal and state

government privacy commissions and an expert witness before legislative com-mittees and regulatory agencies. He has been a privacy consultant to many U.S.federal, state, and local government agencies and government research founda-tions and has helped write privacy codes for over one hundred companies,including IBM, American Express, Citicorp, Intel, Prudential, A.T.&T., NewsCorporation, VISA, and Merck. He has keynoted privacy conferences aroundthe world, from Canada to England, France, the Netherlands, Germany,Austria, Italy, Sweden, Japan and Hong Kong. Since 1978, he has been the academic advisor to Harris Interactive for more than 60 national surveys ofpublic and leadership attitudes toward consumer, employee, and citizen privacy issues, in the United States, Canada, Germany, Britain and Japan.

10

10:00 am Federal Trade Commission Privacy Policy Regulatory UpdateEileen Harrington, Esq., Deputy Director, Bureau of Consumer Protection,Federal Trade Commission, Washington, DC

10:30 am Department of Homeland Security Privacy Policy UpdateKenneth P. Mortensen, Esq., Acting Chief Privacy and Civil LibertiesOfficer, United States Department of Justice, Co-chair, US GovernmentCIO Council Privacy Committee, Co-chair, US Government InformationSharing, Environment Privacy Guidelines Committee, Adjunct LawFaculty, Villanova University School of Law, Washington, DC

11:00 am Break

11:15 am Update from the National Association of Attorneys General Privacy Working Group

Julie Brill, Esq., Assistant Attorney General, Vermont Attorney General’sOffice, Montpelier, VT

Esther Chavez, Esq., Assistant Attorney General, Texas Attorney General’sOffice, Austin, TX

Christine Nielsen, Esq., Assistant Attorney General, Illinois AttorneyGeneral’s Office, Springfield, IL

Catherine Z. Ysrael, Esq., Deputy Attorney General, California AttorneyGeneral’s Office, Sacramento, CA

12:15 pm Non-HIPAA Governmental Regulation of Healthcare Privacyand Security

Gerry Hinkley, Esq., Partner and Chair, Health Information TechnologyPractice, Davis Wright Tremaine, Member, HIMSS HIE SteeringCommittee, CCHIT Privacy Expert Panel and Connecting for HealthPolicy Subcommittee, San Francisco, CA

12:45 pm Adjournment

8:00 am Introduction to the Morning Day III Peter Swire, Esq., C. William O’Neill Professor of Law, Moritz College of Law,Ohio State University, Former Chief Counselor, Office of Management &Budget, Office of the President of the United States, Columbus, OH (Co chair)

8:15 am Predicting Privacy Priorities for the New PresidentAlan Charles Raul, Esq., Partner, Sidley Austin LLP, Vice Chairman,Privacy and Civil Liberties Oversight Board, Former Associate Counsel toPresident Ronald Reagan, Washington, DC

Peter Swire, Esq., C. William O’Neill Professor of Law, Moritz College ofLaw, Ohio State University, Former Chief Counselor, Office of Management& Budget, Office of the President of the United States, Columbus, OH

9:00 am Congressional Staff Privacy Policy Roundtable (Invited) David Cavicke, Esq., Minority Chief of Staff, House Energy and CommerceCommittee, Washington, DC

James Clinger, Esq., Minority Chief Counsel, House Financial ServicesCommittee, Washington, DC

Bruce Cohen, Esq., Chief Counsel and Staff Director, Senate JudiciaryCommittee, Washington, DC

Ricardo Delfin, Esq., Majority Senior Counsel, House Financial Services,Washington, DC

Amy Friend, Esq., Chief Counsel, Senate Banking Committee, Washington, DC

David Strickland, Esq., Democratic Senior Counsel, Senate CommerceCommittee, Washington, DC

Robert R. Belair, Esq., Founding Partner, Oldaker, Biden and Belair, FormerDeputy Counsel, White House Privacy Committee, Ford Administration,Former Attorney, Bureau of Consumer Protection, Federal Trade Commission,Washington, DC (Co moderator)

Stuart K. Pratt, President and Chief Executive Officer, Consumer DataIndustry Association, Washington, DC (Co moderator)

AGENDA: THURSDAY, AUGUST 21, 2008

Symposium Day III: Joint Privacy Symposium and HIPAA Summit Closing Plenary Session

THE SETTINGHarvard University: Harvard University, the oldest institution of higher learning in the United States, was established in 1636 by a vote of the Great and General Court of the Massachusetts BayColony. It was named for its first benefactor, John Harvard of Charlestown, a young minister who upon his death in 1638, left his library and half of his estate to the new institution. Today, Harvard has grown to become a great undergraduate and graduate research University, with more than 18,000degree candidates enrolled.

The Harvard Faculty Club:On the edge of historic Harvard Yard, the HarvardFaculty Club offers an atmosphere of dignity, elegance and charm for members of theUniversity community. Fine dining, decorative private dining rooms, comfortableovernight accommodations, reasonable prices, and personalized attention make it oneof the most inviting establishments in the Boston area.

Sanders Theatre, Harvard University: Inspired by Christopher Wren’s Sheldonian Theatre atOxford, England, Sanders Theatre is famous for its design and its acoustics. A member of the League of Historic American Theatres, the 1,166 seat theatre offers a unique and intimate 180 degree designwhich provides unusual proximity to the stage. The theatre was designed to function as a major lecturehall and as the site of college commencements. Although Sanders saw its last commencement exercise in1922, the theatre continues to play a major role in the academic mission of Harvard College, hostingundergraduate core curriculum courses, the prestigious Charles Eliot Norton Lectures, and the annualPhi Beta Kappa induction ceremony. Many of the most venerable academic, political and literary figuresof the nineteenth and twentieth century have taken the podium at Sanders Theatre including WinstonChurchill, Theodore Roosevelt, and Martin Luther King, Jr.

11

THE PRIVACY SYMPOSIUM: AN EXECUTIVE EDUCATION PROGRAM ON PRIVACY AND DATA SECURITY POLICY AND PRACTICE

Reasons for requesting scholarship:

Please fax your completed form to 760-418-8084.Mail to: Conference Office, 3291 West Wilson Road, Pahrump, NV 89048.Scholarship applications will not be accepted by phone or e-mail.

Payment must be received with registration to qualify for early registration discount.

STANDARD REGISTRATION (DOES NOT INCLUDE PRECONFERENCE)❏ Privacy Symposium (THROUGH 6/20/08) $1,195.00*❏ Privacy Symposium (THROUGH 7/18/08) $1,395.00**❏ Privacy Symposium (AFTER 7/18/08) $1,595.00

PRIVACY CERTIFICATE PROGRAM ❏ $ 295.00**** This price reflects a discount for registration and payment received by Friday, June 20, 2008.** This price reflects a discount for registration & payment received by Friday, July 18, 2008.*** This fee covers the cost of the post conference online examination for the Privacy CertificateProgram. Please note that all participants in the Privacy Certificate Program must also registerfor the Preconference on Privacy Training.

PRIVACY SYMPOSIUM ELECTRONIC MEDIA****When purchased with full Symposium Registration: Data DVD: ❏ $145 Flash Drive: ❏ $145 iPOD Nano: ❏ $295**** For all shipments outside the U.S., a charge of $35 ($75 for iPOD) will be added to yourorder for international shipping/handling. For all shipments inside the U.S. a $15 shippingcharge will be added.

ACCOUNT NO.

NAME OF CARDHOLDER EXP. DATE /

SIGNATURE OF CARDHOLDER

REGISTRANT SIGNATURE

1: PLEASE COMPLETE THE FOLLOWING PLEASE PRINT

NAME

SIGNATURE OF REGISTRANT - REQUIRED

JOB TITLE

ORGANIZATION

DEPARTMENT

ADDRESS

CITY/STATE/ZIP

TELEPHONE

FAX - Please include fax number if you wish to receive a confirmation letter.

E-MAIL

❏ SPECIAL NEEDS (DIETARY OR PHYSICAL)

DISCOUNT CODE

2: REGISTRATION FEESPRECONFERENCE REGISTRATION: August 18, 2008 ❏ $495.00: Preconference I - Privacy Symposium Privacy

Certificate Program Training (Half Day)❏ $595.00: Preconference II - HIPAA Academy CHP, CHSSTM AND CHATM

Professional Certification Training (Full Day)❏ $495.00: Preconference III - Health IT Certification CPEHR/CPHIT/CPHIE

Professional Certification Training (Full day)

3: PAYMENT OPTIONSPlease enclose payment with your registration and return it to the Privacy SymposiumSummer 2008, 3291 West Wilson Road, Pahrump, NV 89048—or fax your creditcard payment to 760-418-8084.

❏ Check/money order enclosed (checks payable to The Privacy Symposium - Summer 2008)

❏ Credit card: ❏ American Express ❏ Visa ❏ MasterCard

Amount Due (from No. 2 above) TOTAL $

5: OTHER INFORMATION We cannot guarantee your attendance or issuance of a letter confirming attendance unless payment is received with your registration.FOR REGISTRATION QUESTIONS: Phone: 800-684-4549 or 775-537-2311 (Continental US, Alaska and Hawaii only) Email: [email protected] (registration is not available by phone or email)

METHOD OF PAYMENT FOR TUITION: Make payment by check (to The PrivacySymposium - Summer 2008), MasterCard, Visa or American Express. A $20 fee willbe charged on any returned checks. Groups: Have registration and credit card information for each person. List all group members on FAX cover sheet.

TAX DEDUCTIBILITY: Expenses of training including tuition, travel, lodging and meals, incurred to maintain or improve skills in your profession may be taxdeductible. Consult your tax advisor. Federal Tax ID: 91-1892021.

CANCELLATIONS/SUBSTITUTIONS: No refunds will be given for “no-shows” orfor cancellations. You may send a substitute; please call the Conference Office at1-800-684-4549.

TERMS AND CONDITIONS: Program subject to change. Executed RegistrationForm constitutes binding agreement between the parties.

HOW DID YOU LEARN ABOUT THIS CONFERENCE?❏ Brochure ❏ Magazine Ad ❏ Friend/Colleague ❏ E-mail Notice

4: SELECT YOUR SESSIONS

CONCURRENT TRACK SESSIONS (CHECK ONE FOR EACH TIME SLOT)

Wednesday, August 20, 8:00 am❏ HIPAA Summit AM Track I: Advanced Issues in HIPAA Privacy Compliance

❏ HIPAA Summit AM Track II: Advanced Issues in HIPAA Transactions, Codes Sets and Identifier Compliance

Wednesday, August 20, 1:30 pm❏ Privacy Symposium PM Track I: The New, New Thing in Privacy: Coming

Challenges for Privacy Professionals

❏ Privacy Symposium PM Track II: Financial Services and Information Technology Privacy Policy

❏ Privacy Symposium PM Track III: Consumer Privacy Policy

❏ Privacy Symposium PM Track IV: Advanced Issues in Domestic and Global Privacy and Security Policy

❏ HIPAA Summit PM Track I: Advanced Issues in HIPAA Security Compliance

❏ HIPAA Summit PM Track II: Advanced HIPAA Compliance Challenges Raised by Health Information Technology

HOTEL ACCOMMODATIONS: Special rates of $245.00 deluxe rooms single/doubleper night (plus tax) at The Charles Hotel have been arranged. Please make yourreservation directly with the hotel by calling 800-882-1818 or 617-864-1200,Monday-Friday, 8:00 a.m. - 7:00 p.m. and Saturday 9:00 a.m. - 5:30 p.m. and men-tion the group name PRIVACY/HIPAA16 to receive the reduced rate. Reservationsmust be received no later than July 22, 2008. After that cut-off date, reservationswill only be accepted on a space-available basis. On-line reservations are encouraged.Go to the conference website for on-line reg. code and complete instructions:www.PrivacySummerSymposium.com/hotel.htmlThe Charles Hotel • Harvard Square • One Bennett Street • Cambridge, MA 02138 617.864.1200 • www.charleshotel.com

TUITION SCHOLARSHIP APPLICATIONThe Privacy Symposium offers a limited number of full or partial Tuition Scholarshipsto qualifying representatives of privacy advocates and governmental agencies.Individuals can apply for a Tuition Scholarship by completing this form. A varietyof factors will be considered in determining the issuance of a scholarship. These fac-tors include financial need and the desirability of geographic and organizational rep-resentation to the Conference. Funding for scholarships is limited. For Questions:800-684-4549 (Continental US, Alaska and Hawaii only) — Mon.-Fri., 9 am-5 pmPacific Time; Email: [email protected].

❏ Please check here if you wish to apply for a Tuition Scholarship.

TYPE OF ORGANIZATION

PRIVACY SYMPOSIUMSUMMER 2008Publications Printing Department41651 Corporate WayPalm Desert, CA 92260USA

(Address for Return Mail Only)

August 18–21, 2008 CLASSES HELD: Sanders Theatre and Harvard Faculty Club, Harvard University, Cambridge, MA

HIPAA SummitTHE

SIXTEENTH

NATIONAL

ONE REGISTRATION • ATTEND TWO CONFERENCESCOLLOCATED WITH THE PRIVACY SYMPOSIUM:


PRIVACY IN TRANSITIONAn Executive Education Program on Privacy and Data Security Policy and Practice

www.PrivacySummerSymposium.com


PRIVACY IN TRANSITIONAn Executive Education Programon Privacy and Data Security Policy and Practice

Register by June 20 and Save

$400!

Forwarding Service Requested

PRESORTED

FIRST CLASS

U.S. POSTAGE

PAIDPERMIT # 1

PALM DESERT, CA

THE PRIVACY SYMPOSIUM€¦ · THE PRIVACY SYMPOSIUM SUMMER 2008 PRIVACY IN TRANSITION An Executive...

Documents

Transcript of THE PRIVACY SYMPOSIUM€¦ · THE PRIVACY SYMPOSIUM SUMMER 2008 PRIVACY IN TRANSITION An Executive...