Jennifer Archie, Adam Greene, Faith Knight Myers

10:00 -11:00 am: What’s New in Health Information Privacy and Security
COVID-19 privacy issues … healthcare-related changes to the California Consumer Privacy Act … genetic and biometric privacy laws … the current state of HIPAA enforcement. This session will share what the moderators and attendees have been seeing over the past year on health information privacy and security and forecast what is to come.

11:00 -11:30 am break

11:30- 12:30 pm: Preparing for and Working with Different Health Privacy Regulators
HIPAA is a floor, not a ceiling. It does not preempt laws that create stricter requirements for PHI, and other laws can augment its requirements, even for covered entities.
As personal information has become a monetizable asset, privacy compliance/risk experts face expanding, overlapping, and sometimes conflicting regulatory and operational ramifications of novel use cases, as to health data in use both inside and outside of organizations. HHS, FDA, the FTC, state Attorneys General, international data protection or other authorities, self-regulatory bodies, commercial partners – each, any, and all such actors may impose responsibilities to secure and manage personal information relating to data practices and innovative progresses.
This session will review practical data management policies and procedures to optimize interactions with diverse actors, including around hot topics such as patient access to and control of health information, use of health information for ad-targeting, and breach and incident management processes.

12:30 – 2:00 pm: Lunch break

2:00 – 3:00 pm: Information Blocking 
After years decades of HIPAA and centuries of the Hippocratic Oath, health care providers now must disclose health information in a wide variety of circumstances. We will discuss some of the common information blocking compliance challenges, processes for identifying and analyzing information blocking, and the cultural shift that is needed to truly free up health data.

3:00 – 3:30 pm: Break 

3:30 – 4:15 pm: Business Associate Challenges
The regulatory requirements and challenges of business associates have changed over time under HIPAA/HITECH regulations, state privacy health care laws and regulations as well as customer expectations. This session will cover some of the requirements, challenges, and practical considerations that come into play for business associates. We will discuss common misperceptions (or perhaps differing interpretations) of business associate requirements from both moderators and attendees.

4:15 – 4:30 pm: Audience open mike / questions 


Jennifer Archie, Partner, Latham & Watkins
Adam Greene, Partner, Davis Wright Tremaine
Faith Knight Myers, Global Privacy Leader, McKesson

Adam Greene

Davis Wright Tremaine

Faith Myers
Faith Knight Myers

Global Privacy Leader

Jennifer Archie

Latham & Watkins