

Mitigating the Risk of Health Care Data Breaches: A Practical Guide for the Industry
   LIVE Webcast  


Event Details:                                                                                                                                                          

In our evolving digital environment, every industry is at risk for data breaches. The health care industry is not immune to data intrusions as more physicians and hospitals adopt electronic health record systems. As the electronic storage and transmission of health care data becomes a standard operating practice, potential health care data breaches are a growing concern for the government, health care providers and health plans, their business associates and practicing health care lawyers.

To help you mitigate the risks of health care data breaches, the Knowledge Group has assembled a panel of thought leaders to walk you through the nuts and bolts of investigating and responding to health care data breaches. Our speakers will provide best practices based on case studies and offer effective strategies to mitigate risks of health care data intrusions while complying with health care data laws.

Course Level: Intermediate
Prerequisite: None
Method Of Presentation: Group-Based-Internet
Developer: The Knowledge Group, LLC
Recommended CLE/CPE Hours: 1.75 - 2.0
Advance Preparation: Print and review course materials
Course Code: 124386
Recording Fee: $299


Featured Speakers for Mitigating the Risk of Health Care Data Breaches: A Practical Guide for the Industry LIVE Webcast:

Agenda

Kimberly J. Kannensohn, Partner,

  • 1. An overview of the breach reporting requirements under HIPAA/HITECH
  • 2. Changes to breach reporting requirements since HITECH was rolled out in 2009 and the HITECH Final Rule released in January 2013.
  • 3. HITECH Final Rule’s impact on Business Associates and their duties to report breaches.
  • 4. Subcontractors’ breach reporting duties under HIPAA/HITECH.

Michael Bruemmer, Vice President, Experian Data Breach Resolution,

  • 1. Per recent industry studies, more than 1/3 of healthcare organizations do not have a Data Breach Response Plan. Why is the gap not closing faster and what impact will the new Final Rule have?
  • 2. Ponemon reports that over 50% of all recent healthcare breaches involved business associates. Where will that trend go in 2013?
  • 3. More than ¾ of all breaches have a root cause in employee negligence. What are 2-3 best ways to address this issue?

Robb S. Harvey, Partner,

  • 1. Recent survey shows that data security is the most cited area of concern by General Counsel (survey by FTI Consulting and Corporate Board Member);
  • 2. Attacks can include hacking, phishing, installation of malevolent malware, and ‘old school’ theft of laptops and hard drives;
  • 3. Multiple sources of and reasons for attacks—recent articles about Chinese military, Anonymous, teenagers, criminal rings;
  • 4. Increasing concern about vulnerability of medical devices and hospital equipment to computer viruses;
  • 5. What’s next? Operational security engineers feel under siege; increasing governmental scrutiny and possible regulation; more securities and shareholder derivative lawsuits;
  • 6. What to do? Plan and prepare. Encrypt; evaluate current security protection methods; evaluate breach detection; consider creating additional firewalls or removing some equipment from intrusion threats; implement policies; revise business associate and other agreements; train employees; price and acquire cyber-theft insurance.

Tony Brooks, CISA, CRISC, Partner,
Horne LLP

Based on HHS/OCR investigations and our HIPAA/HITECH compliance audits, here are key shortcomings among healthcare organizations:
  • 1. Do not have adequate policies and procedures in place to address HIPAA/HITECH and other IT security issues
  • 2. Have either not completed the security risk analysis required by HIPAA or Meaningful Use, or not done the type of in-depth analysis required
  • 3. Have not implemented sufficient risk management measures
  • 4. Have not performed or kept updated a complete inventory of ePHI-containing computer systems and devices
  • 5. Have not completed security training for their workforce members
  • 6. Have not implemented appropriate access rights management procedures and annual access rights reviews
  • 7. Have not implemented portable device and media controls, including encryption (e.g., mobile device management software)
  • 8. Have not implemented secure email and texting systems
  • 9. Have not implemented appropriate safeguarding and disposal of ePHI-containing computers and medical devices that have reached end-of-life
  • 10. Have not done appropriate due diligence of the security controls at third-party providers, including cloud computing vendors and data centers
  • 11. Have not implemented and rehearsed a data breach response plan
  • 12. Have not implemented and rehearsed an IT disaster recovery plan

Carmel M. Cosgrave, Chair, Health Care Practice Group,
SmithAmundsen LLC

Preparing for the worst: understanding OCR’s current Audit process.


Who Should Attend?

- In-house Counsel in the life sciences and healthcare industries
- Compliance, Privacy and Data Security Officers
- Biotech/Pharma Industry Lawyers
- Consultants
- Life Sciences and Health Care Practice Consultants/Advisors
- General Counsel
- Senior Management
- Professionals coming from Biotech and Pharmaceutical Firms
- Consultants & Clients in the Biotech and Pharmaceutical Industries

Why Attend?

This is a must-attend event for anyone interested in getting practical guidance on how to mitigate the risks of health care data breaches.

- Detailed guidance given by the most qualified key leaders & experts
- Hear directly from experienced practitioners & thought leaders
- Interact directly with panel during Q&A

Join us and hear it from the experts! Advanced registration is recommended as space is limited. Click the registration button below to sign up for this course today. Significant discount applies for early registration.

Registration Information:                                                                                                                                    


Please note, the event date is firm although it may be subject to change.
The Knowledge Group, LLC is producing this event for information purposes only. We do not intend to provide or offer business advice. The contents of this event are based upon the opinions of our speakers. The Knowledge Congress does not warrant their accuracy and completeness. The statements made by them are based on their independent opinions and do not necessarily reflect the views of The Knowledge Congress. In no event shall The Knowledge Congress be liable to any person or business entity for any special, direct, indirect, punitive, incidental or consequential damages as a result of any information gathered from this webcast.

Speakers and Partner Firms:

McGuireWoods has more than 900 lawyers in 19 offices around the world. We cross borders, practices and industries in the U.S., UK, Belgium and elsewhere around the world, collaborating with colleagues and managing resources in the Nordic countries, Russia and Eurasia, Eastern Europe, China, Africa, the Middle East, India, Spain, Portugal and South America. We have unique cooperative arrangements with Paris law firm, KGA, and in Israel with Shenhav Konforti Shavit & Co (SKS). Our international practice is further enhanced by our participation in the global legal networks, Lex Mundi and LNI Oasis.

For more than 175 years, McGuireWoods has built its reputation on the bedrock of providing clients with the highest quality legal service and sound strategic guidance. Clients include public and private companies, private individuals, and government and nonprofit organizations around the world.

Experian® is a leader in the data breach resolution industry and one of the first companies to develop services that address this critical issue. Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. Experian Data Breach Resolution services enable organizations to plan for and successfully respond to data breaches. Learn more at

In the evolving healthcare reform environment, Waller helps its clients focus on their primary mission: providing high quality patient care. Providers rely on Waller’s experienced attorneys for advice and counsel on physician/hospital alignment; M&A and joint ventures; Medicare payment issues; Stark and anti-kickback compliance; electronic health records and privacy rules; and legislative and regulatory developments. Waller assists hospitals; surgery centers; imaging centers; physician practice management companies; home health and hospice providers; skilled nursing and senior living facilities; dialysis providers and rehabilitation facilities throughout the country.

HORNE's dedicated CPAs and health care accounting team provide services specific to the intensive demands of health care providers, including health care assurance and risk management, health care accounting, health care tax services, health care compliance, health care reimbursement and health care valuation. HORNE provides customized health care accounting and comprehensive advisory services for hospitals, health systems, physicians, and a multitude of other health care entities and providers including dental practices and medical device companies. HORNE also provides services tailored to assist health care attorneys in providing more robust services to their own clients. HORNE has served clients in the health care industry for more than 50 years.

SmithAmundsen LLC is a firm comprised of 140 attorneys practicing from offices in Chicago, St. Charles, Rockford and Woodstock, IL; Milwaukee, WI; and St. Louis, MO. The firm represents business entities and individuals engaged in commercial endeavors. Major practice concentrations include commercial litigation, labor and employment, banking and financial services, construction, insurance services, commercial transportation, health care and medical devices, and products liability/manufacturing. For more information, visit:


The Knowledge Group, LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN, 37219-2417. Website:


We are an approved multi-event sponsor in the state of California. Our provider ID is: 14451. In Texas, Illinois, and Virginia, we submit programs for individual approval in advance. In all other states, once attendance is verified, participants are emailed an official certificate of attendance which they submit to their respective State Bar Associations. Our programs are created with continuing education in mind and are therefore designed to meet the requirements of all State Bar Associations. If you have any questions, please email our CLE coordinator at:

Attention New York Attorneys:

This program is approved for CLE credit under New York’s Approved Jurisdiction policy. The Knowledge Group, LLC is an approved sponsor in the state of California, a New York Approved Jurisdiction. This program fulfills the non-traditional format requirement of exceeding 60 minutes in length. Please note only experienced attorneys (more than 2 years) are eligible to receive CLE credit via non-traditional format learning platforms. The Knowledge Group will verify attendance during the webcast via secret words (3 per credit hour) and by auditing attendees' log-in and log-out records. All verification instructions will be provided during the webcast. Once attendance verification requirements have been completed, the attendee will be issued a certificate of attendance by The Knowledge Group for the course with the recommended number of credit hours. The Certificate of Attendance is normally sent via email in 24 hours or less.

To Claim Your CLE Credits:

The attorney should simply include credits earned via Knowledge Group webcasts when computing the total number of CLE credits completed, and keep the Knowledge Group Certificate of Attendance for a period of at least four (4) years in case of audit. An attorney may count towards her/his New York CLE requirement credit earned through the Approved Jurisdiction policy without notifying the CLE Board.

To learn more about New York’s Approved Jurisdiction policy, please visit:

Attention Pennsylvania Attorneys:

Knowledge Congress is not yet an Accredited Distance Learning Provider in PA; neither the instructors nor any PA attendees will receive credit for the course.

Enrolled Agents Sponsor ID Number: 7602U

We have entered into an agreement with the Office of Professional Responsibility, Internal Revenue Service, to meet the requirements of 31 Code of Federal Regulations, section 10.6(g), covering maintenance of attendance records, retention of program outlines, qualifications of instructors, and length of class hours. This agreement does not constitute an endorsement by the Office of Professional Responsibility as to the quality of the program or its contribution to the professional competence of the enrolled individual.