Adam Greene, Partner, Faith Knight Myers, Jennifer Archie
Adam Greene, Partner, Davis Wright Tremaine LLP
Faith Knight Myers, Global Privacy Leader, McKesson
Jennifer Archie, Partner, Latham & Watkins
Session A – 09:00am – 10:15am
What’s New in Health Information Privacy and Security
Potential changes to HIPAA. A record-breaking Office for Civil Rights (“OCR”) enforcement year behind us. Increased state attorneys general HIPAA actions. New state privacy and breach laws and their relation to health information. This session will share what the moderators and attendees have been seeing over the past year on health information privacy and security and forecast what is to come.
Session B – 10:45am – 12:00pm
Preparing for and Working with Different Health Privacy Regulators
HIPAA is a floor, not a ceiling. It does not preempt laws that create stricter requirements for PHI, and other laws can augment its requirements, even for covered entities. As personal information has become a monetizable asset, privacy compliance/risk experts face expanding, overlapping, and sometimes conflicting regulatory and operational ramifications of novel use cases, as to health data in use both inside and outside of organizations. HHS, FDA, the FTC, state Attorneys General, international data protection or other authorities, self-regulatory bodies, commercial partners – each, any, and all such actors may impose responsibilities to secure and manage personal information relating to data practices and innovative progresses. This session will review practical data management policies and procedures to optimize interactions with diverse actors, including around hot topics such as patient access to and control of health information, use of health information for ad-targeting, and breach and incident management processes. And YES! We can talk about the California Consumer Protection Act and the scope those pesky exemptions for medical information, specifically.
Session C – 1:30pm – 2:45pm
Emerging Health Privacy Questions
In the world of AI and machine learning, what is “research”? How does “minimum necessary” apply in a sector where more data is always sought? When, if ever, is genomic data considered de-identified? Can health systems combine their group health plan, wellness, and clinical data? This session will explore and discuss some of the most vexing health information privacy questions, as raised by both moderators and
Session D – 3:15pm – 04:30pm
Business Associate Challenges
The regulatory requirements and challenges of business associates have changed over time under HIPAA/HITECH regulations, state privacy health care laws and regulations as well as customer expectations. This session will cover some of the requirements, challenges, and practical considerations that come into play for business associates. We will discuss common misperceptions (or perhaps differing interpretations) of business associate requirements from both moderators and attendees.