P WERWIELD THE

OF INFORMATION TECHNOLOGY

Wednesday March 2, 2016Pines Manor, Edison, New Jersey

2016 NJAMHAA IT Project Annual Conference

Registration Details BrochureS.H.I.E.L.D. & PROTECT

The NJAMHAA Information Technology (IT) Project has been leading New Jersey’s community mental healthcare and addiction treatment providers through the continuous evolution of the computer age. Formed in 1984 as the Management Information System Project, a joint public/private venture among NJAMHAA, the State of New Jersey’s Division of Mental Health Services (DMHS) and Project participants, the IT Project was the only venture of its kind in the entire United States at the time to be initiated by a state division to help non-profits implement the new technology of desktop computers. DMHS recognized that its contract agencies were struggling to implement technology and turned to NJAMHAA, the state’s voice for mental health agencies, to help them. To date, no other venture as expansive as the NJAMHAA IT Project has yet to be duplicated any place else in the country, despite the immense need for it.

NJAMHAA changed the name of the project in 2003 to the IT Project to reflect a wider array of services incorporating new and future technologies. As technology continues to adapt, the IT Project is adapting with it. Most non-profits in New Jersey do not have the resources to hire experienced IT staff or consultants to show them how technology can save them time and money. The IT Project offers a low-cost solution that includes consultation, implementation, and maintenance – the Total Managed Solution!

About The NJAMHAA IT Project:

Stay up to date on all conference news! #NJAMHAAIT2016

Agenda At A Glance

8:00 a.m. to 8:45 a.m.Registration, Breakfast and Vendor Browsing

8:45 a.m. to 9:00 a.m.Welcome and Introductions

9:00 a.m. to 10:10 a.m.Keynote Presentation

10:10 a.m. to 10:25 a.m.Break and Vendor Browsing

10:25 a.m. to 11:35 a.m.Workshops A- D

11:35 a.m. to 11:50 a.m.Break and Vendor Browsing

11:50 a.m. to 12:50 p.m.Lunch and IT Hero Awards Ceremony

12:50 p.m. to 1:50 p.m.Afternoon Plenary

1:50 p.m.to 2:05 p.m.Break and Vendor Browsing

2:05p.m. to 3:15 p.m.Workshops E – H

3:15 p.m. to 3:30 p.m.Break and Vendor Browsing

3:30 p.m. to 4:40 p.m.Closing Plenary

Conference Registration Fees:NJAMHAA Members: $145.00Non-Members: $299.00

Register today at www.njamhaa.org/eventsRegistrations need to be submitted online.

If you need assistance, contact Michelle Bozikova at mbozikova@njamhaa.org.

Is your organization a NJAMHAA Member?Visit njamhaa.org to view our NJAMHAA Member Directory to see if your organization is a NJAMHAA member. All employees of NJAMHAA member organizations receive the member rate to NJAMHAA events.

Detailed AgendaRegistration/Breakfast/Vendor Browsing 8:00 a.m. to 8:45 a.m.

Welcome & Introductions 8:45 a.m. to 9:00 a.m.June NotoVice President of Information Technology, Human Resources and Administrative ServicesNew Jersey Association of Mental Health and Addiction Agencies, Inc. (NJAMHAA)

Keynote Presentation 9:00 a.m. to 10:10 a.m.Cyber-Security and the Need for Strategic Collaboration Dr. William M. Toms Assistant Professor, Fairleigh Dickinson University

Course Description: The emergence of cyber security threats becoming reality has focused the attention of the private sector on cyber security as well as various entities within the government sector, to include law enforcement, higher education and the intelligence community. Over the past decade, these entities have cooperated with each other on differing issues pertaining to the security of our homeland. However, mere cooperation by these entities will not properly address the cyber security threats this country is facing. Strategic collaboration amongst these entities will be needed to collectively strengthen our private and non-profit entities to identify, interdict and prevent cyber threats.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify the difference between cooperation and

collaboration.• List the various means by which cyber-attacks occur.• Recognize the nexus between physical security and

cyber security.

Topic Area: Cyber-Security & Strategic Collaboration

Target Audience: All conference attendees

Target Practice Area: Beginner, Intermediate and Advanced

Break and Vendor Browsing 10:10 a.m. to 10:25 a.m.

Detailed AgendaWorkshops A – D 10:25 a.m. to 11:35 a.m.

Workshop ALessons Learned from Civil and Criminal Cases Resulting from Health Care Data BreachesHelen Oscislawski, Esq.Principal & Managing Member, Attorneys at Oscislawski, LLC.

Course Description: Walgreens was handed a $1.44 million jury verdict because an employee snooped in a customer’s EMR and misused it for her own personal purpose. Courts have also gone both ways on class action lawsuits for breaches, but many times not finding sufficient actual harm or damage to sustain the claims. Employees can also be personally prosecuted under HIPAA’s criminal provisions for unauthorized access and use of protected health information. The era of legal enforcement and liability is here, and organizations can learn a lot from these cases. This session will review recent and landmark cases decided and provide insight on how to potentially avoid similar mistakes.

Learning Objectives: By the end of this presentation, participants will be able to:

• Explain what to focus on for compliance and risk management, and to avoid similar pitfalls.

• Describe sample tools and forms to implement.• Identify activity of enforcement over the past 12

months and what is on the immediate horizon for the federal government’s focus.

Topic Area: Compliance, Risk Management and Legal

Target Audience: Privacy Officers, Security Officers, Compliance, Risk Management, Legal, Chief Information Officers, HIM, Patient Records Managers and Staff

Target Practice Area: Beginner, Intermediate and Advanced

Workshop BIT Challenges in a Mobile World Craig Badrick, President and Chief Executive OfficerChristopher J. Voll, Vice President of Technical ServicesTurn-key Technologies, Inc.

Course Description: Attendees will hear from an expert in WIFI about what to expect when users ask to connect their personal devices to your network and will receive guidance on what to look for in a WIFI network to support BYOD and EMR applications. The presenters will discuss methods for securing WIFI against cyber-attacks that may jeopardize employee or patient information and will cover physical security for mobile workers.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify what to expect when users ask to connect their

personal devices to employers’ networks.• Provide guidance on what to look for in a WIFI

network to support BYOD and EMR applications.• Describe methods for securing WIFI against cyber-

attacks that may jeopardize employee or patient information.

Topic Area: WIFI, BYOD, EMR, Cyber Security and Physical Security

Target Audience: Executives, Management, Fiscal, Computer and Systems Specialists, Project Managers, etc.

Target Practice Area: Advanced

Detailed AgendaWorkshop CHow to Choose and Use Threat Intelligence to Protect Your Network and Data and Comply with Regulations Suzanne Magee Chief Executive Officer and Chair TechGuard Security, LLC

Course Description: Healthcare information is now considered the prime target of hackers and cybercriminals. This workshop will cover a brief history of network protection and provide an understanding of today’s complex threat vectors and attacks and the strategies to proactively counter the threat to prevent cyber-attack and data leakage. The definition of threat intelligence will be discussed, including using devices in attendees’ own networks. Attendees will gain strategies for gathering or sourcing threat intelligence and aggregating, automating and effectively using them to counter the morphing and persistent threat against healthcare records.

Learning Objectives: By the end of this presentation, participants will be able to:• Describe the nature of today’s threats to healthcare

information.• Explain what makes up “Threat Intelligence,” including

external threat lists and use of internal information from firewalls, intrusion detection systems, security event information management systems, open source threat lists, and Department of Homeland Security threat information.

• Describe strategies for proactively using threat intelligence to protect networks and data.

Topic Area: Cybersecurity, Threat Intelligence—definition and history of the threats to information and protection then and now. Strategies to use what people currently have, what they buy, and what the government has available to gain better threat situational awareness, and protect against cyber-attack and sensitive data leakage—including a layman’s description of the use of algorithms and artificial intelligence methodologies.

Target Audience: Executives (this will be at a high level), Computer and Systems Specialists (concrete strategies outlined), Risk Managers and Compliance Officers

Target Practice Area: Beginner and Intermediate

Workshop DCyber Security for your Organization and How to Prioritize on a BudgetKenneth RomerChief Information Officer, eCertified Ethical Hacker and Certified Forensics ExaminerITMS LLC

William Barry Private Consultant

Course Description: It is critical to understand an organization’s unique risks and prioritize them for testing and improvement. They don’t have to be addressed all at once, but the risks must be assessed to make a plan for managing them, and the message about the risks and what risk factors are within staff’s control must get out to all levels of staff. The presenters will describe the basics of starting a cyber security program, how criminals will attempt to steal data and what must be done to protect information. They will explain how to prioritize and work risk assessment into budgets. Doing nothing is no longer an option. Government agencies will come down on organizations harshly if they cannot show that they have cyber security plans.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify how hackers steal data.• Describe how to protect their organizations.• Describe how difficult is it to exploit vulnerabilities.• Establish plans and explain how to prioritize risk

management in their budgets.

Topic Area: Best Practices, Cyber Policies, Attack Vectors, and Planning Methods to Protect Data

Target Audience: CEO, CFO, CIO, VP of IT, IT Directors, Administrative and Technical Staff who make decisions regarding setup and use of IT systems in organizations

Target Practice Area: Beginner, Intermediate and Advanced

Break and Vendor Browsing11:35 a.m. to 11:50 a.m.

Detailed AgendaLunch and IT Hero Awards Ceremony 11:50 a.m. to 12:50 p.m.

Afternoon Plenary12:50 p.m. to 1:50 p.m. New Jersey Cybersecurity: Mitigating Cyber Risk through Awareness and Best Practices David Weinstein Director of Cybersecurity New Jersey Office of Homeland Security and Preparedness

Course Description: In New Jersey, cybersecurity exists across different levels of state government and local government. There is a cybercrimes unit located within the state police, on the law enforcement side. New Jersey’s Office of Homeland Security and Preparedness focuses on cybersecurity, focusing on training, awareness and risk assessment.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify the different levels of cybersecurity across

state government and local government.• Describe the key components of the cybercrimes unit.• Explain cybersecurity risk assessment tools.

Topic Area: Cybersecurity

Target Audience: All conference attendees

Target Practice Area: Beginner, Intermediate and Advanced

Break and Vendor Browsing1:50 p.m. to 2:05 p.m.

Workshops E-H 2:05 p.m. to 3:15 p.m.

Workshop E2016 Mobile Security Trends: Are You Ready? Chris Mangano Vice President Sales & Marketing Mercadien Technologies

Frank GentileAccount ExecutiveIBM Security

Course Description: We’ve been hearing for years now that mobile security threats are coming into their own, both in terms of volume and capacity to inflict harm. Is 2016 the year when organizations will move past their fundamental BYOD debates and start discussing more progressive mobile security topics? Securing the mobile enterprise requires a comprehensive approach that includes securing devices, protecting data, safeguarding applications, and managing access and fraud.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify the latest mobile security trends and

challenges.• Describe real-life customer experiences.• Describe best practices on building overall mobile

security strategies.

Topic Area: Mobile-Device-Management

Target Audience: All conference attendees

Target Practice Area: Beginner, Intermediate and Advanced

Detailed AgendaWorkshop FComing to the HIPAA Party: Tips for IT Superheroes and Compliance to CoexistDeborah A. Cmielewski, Esq. Attorney and PartnerSchenck, Price, Smith & King, LLP

Course Description: This course will focus on the intersection of IT and compliance relative to HIPAA issues. It will explore challenges between compliance and IT and address ways that these departments can positively interact with one another and the remainder of the organization to facilitate a culture of compliance. The presenters will review the administrative safeguard requirements of 45 CFR 164.308 and how these crucial players in the organization can positively interact to achieve compliance with the regulation.

Learning Objectives: By the end of this presentation, participants will be able to:• Assist IT personnel in understanding the need for HIPAA

compliance and integrating it into their day-to-day roles.• Discuss the need for compliance personnel to recognize

the crucial role of IT in achieving its goals.• Discuss ways in which IT and compliance must work

together to ensure administrative safeguards in their organizations, including risk analysis, workforce security and training, risk management, contingency planning and related items.

Topic Area: HIPAA Law and Regulatory Issues

Target Audience: Executives, Management, Computer and Systems Special-ists, Project Managers and Compliance

Target Practice Area: Beginner, Intermediate and Advanced

Workshop GPractical Security for Real ThreatsJosh Abraham, Vice President of Professional ServicesMatt Starolis, Vice President of SalesPraetorian Group, Inc.

Course Description: Security breaches have become a popular topic in board-rooms as executives and security teams try to figure out what can be done to stop them. This presentation will cover the autonomy of modern breaches to understand where the “real risk” exists and effective strategies and controls to mitigate those risks – making the challenge more difficult for attackers. A framework for attack mitiga-tions will also be presented.

Learning Objectives: By the end of this presentation, participants will be able to:• Identify the common threats in modern breaches.• Describe effective strategies and controls to mitigate

these threats.• Explain how threats and security controls should be

prioritized.

Topic Area: Information Security, Penetration Testing, Security Breaches

Target Audience: Executives, Management, Computer and Systems Specialists

Target Practice Area: Beginner and Intermediate

Detailed AgendaWorkshop HHealthcare Breaches – The Next Digital EpidemicJason RebholzPrincipal Consultant Mandiant, a FireEye Company

Course Description: The healthcare industry is becoming the next bullseye for targeted threat actors due to the wealth of data that is stored. This presentation will introduce attendees to the attackers who are targeting personal identifying and health information and unveil their tools, tactics and procedures. In addition, the presentation will cover how participants can better secure their environment based on the lessons learned from other major healthcare breaches. No one has to wait to be a headline to enhance their organizations’ security posture!

Learning Objectives: By the end of this presentation, participants will be able to:• Identify what threats are the greatest risks to the

healthcare industry.• Explain how targeted threat actors are gaining and

keeping access into victim organizations.• Describe how to better secure an organization’s

environment with “lessons learned” from major healthcare breaches.

Topic Area: How targeted threat actors compromise companies in the healthcare industry and what can be done to protect individuals and organizations.

Target Audience: Executives, management, and security teams

Target Practice Area: Beginner and Intermediate

Break and Vendor Browsing3:15 p.m. to 3:30 p.m.

Closing Plenary3:30 p.m. to 4:40 p.m. High-Impact Security Flaws in the U.S. Healthcare Sector: Feedback from Legal, Cybersecurity Auditors and IT ExpertsDavid Mohajer, Chief Executive Officer, and Sem Ponnambalam, President, XAHIVE Corporation Joshua A. Mooney, Partner, White and Williams LLP

Course Description: Cyber criminals and healthcare providers are engaged in an escalating arms race over intrusion and protection. The routes that the cyber criminals are taking to break into systems containing personal health information are becoming more and more obscure and difficult to predict. This course will touch on the cybersecurity governance that needs to be done in order to combat this constant threat. It will highlight some of the gaps the healthcare industry is lacking, why those particular areas are overlooked and how to begin dealing with the existing problems with an eye to the future where the Internet will expand the healthcare cybersecurity landscape even further.

Learning Objectives: By the end of this presentation, participants will be able to:• Explain the common threats to personal health

information and the legal ramifications.• Describe the Data Classification and Data Loss

Prevention policies and how they can be used to reduce the risk of cybercrime as part of a good governance strategy.

• Demonstrate awareness of the need for contemplation for new technology and the risks to personal health security and information related to that new technology.

Topic Area: Protecting critical health intelligence from data breaches and the legal implications.

Target Audience: Professionals who have access to critical health and other business intelligence

Target Practice Area: Beginner

Terms and ConditionsRegistration RatesWe are pleased to offer discounted rates for our members. We request that you confirm your organization’s membership status to ensure that you benefit from the discount if you are a member. Please visit www.njamhaa.org and click on the NJAMHAA Members button on the left column to view our membership list to see if your organization is included. If the discounted rate is paid by a nonmember, the nonmember will be invoiced for the difference. We would be happy to discuss membership with you if you are interested.

Online RegistrationTo ensure efficiency and accuracy, we need to process all registrations online. E-mails and faxes do not constitute registrations. After completing your online registration, if you are paying by check, please print the confirmation and send a copy of it along with your payment, made payable to NJAMHAA and mail to Accounts Payable, at NJAMHAA (see address below). If you have any difficulties with online registration, please contact Michelle Bozikova at 609-838-5488, ext. 218.

Media ReleaseBy completing the online registration, you acknowledge that photos and videos may be taken throughout each training/ conference and may be used in any and all NJAMHAA online and paper publications, website and media and NJAMHAA will be held harmless regarding their use. This pertains to individuals who register themselves, as well as individuals who are registered by others.

Cancellation, Substitution and Refund PolicyAttendee registrants (not sponsors or exhibitors), must cancel registrations IN WRITING ONLY to Michelle Bozikova via fax at 609-838-5489 or e-mail at mbozikova@njamhaa.org, by 4:00 p.m., seven calendar days prior to the conference start date in order to receive a 100 percent refund. Substitute registrations can be made after that date. No-show registrants will still be responsible for payment of their registration fees IN FULL and will be invoiced accordingly. Phone calls and voicemails will not be accepted as a means of cancellation.

Sponsors and exhibitor registrants must cancel registrations IN WRITING ONLY by 4:00 p.m., 30

calendar days prior to the conference in order to receive a 100 percent refund of the registration fee. If you cancel your registration between 15 and 29 days prior to the conference start date, you will receive only a 50 percent refund of the registration fee. No refunds will be made within 15 or fewer days of the start date. Phone calls and voicemails will not be accepted as a means of cancellation.

Grievance PolicyShould any registrant be dissatisfied with the quality of their continuing education program or exhibiting experience during this event, a request in writing, explaining why you were dissatisfied, must be submitted to NJAMHAA within five business days of the conclusion of the conference/training in order to receive a full refund of registration fees.

The claim must be a valid claim and supported by specific documentation. Your request can be sent to Michelle Bozikova via e-mail at mbozikova@njamhaa.org or fax to 609-838-5489.

Payment Information and Insufficient FundsOnline payments may be made in the form of a Visa or MasterCard. Checks are also accepted, made payable to “Accounts Payable” and mailed to NJAMHAA, 3575 Quakerbridge Road, Suite 102, Mercerville, NJ 08619. If a credit card is declined for any reason, a $15 fee will be applied to your invoice and be required as payment. If a check is returned by the bank due to insufficient funds, a $35 fee will be applied to your invoice and required as payment. Individuals holding outstanding balances will be ineligible to attend future NJAMHAA conferences or trainings until the outstanding balances are paid in full. Each individual with an outstanding balance that has been carried for more than 30 days will incur a $25 late fee, which will be applied to the invoice and required as payment.

Technology Solutions

IT Project Services• Group Purchasing discounts for hardware and software,

industry events, publications, marketing services, and more

• Vendor User Group promotion and facilitation

• Grants facilitation and access to philanthropic donations; resources reported regularly via newswire and E-Blast.

• Partnerships with state and local government entities, e-learning companies, benchmarking firms, and leading technology vendors provide access to an array of products and services.

• Annual Technology Conference presents the latest information on popular trends and emerging technologies; first-hand information about non-profit policy and funding issues and regulatory mandates; opportunity to network with top technology companies.

• Bits & Bytes newsletter highlights IT Project activities, product evaluations, industry surveys, vendor news, case studies, technology tips and techniques, grant information, and much more.

• Consultation services for EHR implementations

• Expert technical support and network engineering services below industry market rates

• LAN/WAN/VPN, VoIP, Disk to Disk backups, Internet Monitoring solutions

• Managed Services for all your circuits, servers and desktops

• Technology plan development

• Assistance in purchasing technology solutions

• Compliance assistance (federal and state, as related to privacy and security)

• Grant and product donation information

• Training, workshops and conferences

• Website development and maintenance at below market rates

Technical Assistance &

Consulting

• On-site business process analysis for optimal technology implementation and utilization

• Assistance with technology evaluation, selection, and implementation

• Technical liaison with technology and telecommunication vendors to ensure cohesive operations

• CIO-level assistance with development of long- and short-term strategic technology plans

• Assistance with development of technology policies and procedures

• Help desk support; remote and on-site system administration and troubleshooting

• Configuration, administration, and maint- enance of LAN and WAN networks

• Software installations, configuration, documentation, and training

• Hardware installation or relocation and deployment

• Forms design and deployment for efficient, accurate data collection and reporting

• Emergency on-call and on-site services• Web site design and development

Bundled Services

Block of 100 Hours: $7,600($76.00/hour)

Block of 75 Hours: $6,119($81.58/hour)

Block of 50 Hours: $4,450($89.00/hour)

We keep you informed of current affairs in mental health care and addiction treatment. We provide updates on trainings, events and resources available.

3575 Quakerbridge Road, Mercerville, NJ 08619Phone: 609.838.5488 Fax: 609.838.5489

www.njamhaa.org

https://twitter.com/njamhaahttps://www.facebook.com/

njamhaa.home.5 https://www.linkedin.com/pub/njamhaa-home/55/279/760

Follow NJAMHAA on social media!

Stay up to date on all conference news! #NJAMHAAIT2016