& present Protecting Data Assets and Managing Risks JUNE 16-17, 2014 MANCHESTER GRAND HYATT | SAN DIEGO, CA www.healthprivacyforum.com #HITprivacy PROGRAM GUIDE

PROGRAM GUIDE - Dataguise


#HITprivacy

Join the Conversation

WIRELESS INTERNET PROVIDED BY HIMSS MEDIA

Network: Privacy & Security Forum

Password: PSFORUM2014

HIMSS Media produces and distributes essential information to help advance the transformation of health and healthcare through the best use of information technology. Over 500,000 leading healthcare influencers, medical professionals, policy makers and technology buyers around the world rely on the media, events, data and training materials to evaluate and implement effective improvements in patient care. With global scale and local expertise, HIMSS Media offers innovative, effective and measurable media and marketing solutions for health and healthcare technology marketers.

HIMSS Media is a part of HIMSS WorldWide, a cause-based global enterprise that produces health IT thought leadership, education, events, market research and media services around the world. Founded in 1961, HIMSS WorldWide encompasses more than 52,000 individual members, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 600 corporate members and 250 not-for-profit partner organizations, that share this cause. HIMSS WorldWide, headquartered in Chicago, serves global health IT communities with additional offices in the United States, Europe, and Asia.

Visit www.himssmedia.com

ORGANIZING PARTNERS

STRATEGIC AFFILIATES

HITECH Answers is an independent resource for physicians, hospitals, and others looking to understand the impact of EHR adoption and other federal health IT initiatives. Led by in-house experts along with support from a community of thought leaders in the field, HITECH Answers has positioned itself as a highly respected voice in the health IT industry.

Visit www.hitechanswers.net

HIMSS Analytics collects, analyzes and distributes essential health IT data related to products, costs, metrics, trends and purchase decisions. It delivers quality data, analytical and consulting expertise to healthcare delivery organizations, IT companies, governmental entities, financial, pharmaceutical and consulting companies.

Visit www.himssanalytics.org

Published in partnership with HIMSS, Healthcare IT News is the industry’s leading news source, providing healthcare IT and other executives the information they need to implement and harness technology as a means to enhance patient care. Jesse H. Neal award-winning coverage includes clinical and business IT strategies, regulatory updates, and vendor and provider news. Content is published in print and online, as well as through mobile and social media platforms. Healthcare IT News is read on all media platforms by IT management, C-suite and general management, and clinical executives at hospitals, large group practices, ambulatory care facilities, home health organizations, payers and more. Online, Healthcare IT News offers daily news coverage, video and slideshows, along with expert and peer blog posts, white papers, webinars, research, career postings and events. Healthcare IT News also provides a platform for lead generation, marketing and content services. In addition, the franchise includes five opt-in e-newsletters and multiple community sites. The newspaper is published in print as well as a digital edition monthly.

Visit www.healthcareitnews.com

Celebrating its 25th anniversary, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFP℠), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPP℠), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)² offers education programs and services based on its CBK®.

Visit www.isc2.org


Leverage FireHostʼs secure cloud infrastructure to reduce the number of in scope systems for HIPAA compliance. Experience faster audits and overall lower total cost of ownership while increasing data security. FireHostʼs HITRUST certified infrastructure helps healthcare organizations decouple EHR and ePHI databases and applications from monolithic IT environments.

Increase Downtime. (for you, not your infrastructure)

Reduce your healthcare IT infrastructure pains.

Visit www.firehost.com/audit-pains or call 1 877 262 3473


Q: Why does security need to be elevated in discussions about the cloud?

Hagerman: What we see in a lot of the marketing and talk about the cloud is ease of deployment, speed and cheap resources. But when you’re talking about healthcare and other regulated spaces, security needs to be a bigger part of the conversation. “How can I make sure that my sensitive data is being adequately protected?” is the question. We see a lot of high-level marketing, but often not enough detail. It’s great that a vendor is HIPAA compliant, but what are they going to do to help their customers meet their own HIPAA objectives? It’s hard to template that because all the different vendors have different approaches and products. So a consumer has to be educated.

Q: How does the cloud vendor of tomorrow differ from the cloud vendor of today?

Hagerman: You have to consider how the Internet landscape is changing and understand the impact. The concept of the Internet of Things (IoT) provides more devices being connected to the Internet, which creates a much broader threat landscape. We need to make sure that, as the opportunity for threats increases, security plays a more important role than it traditionally has. Tomorrow’s cloud vendors are going to have to make security a priority and architect security into their offerings from the ground up, as opposed to creating bolted-on solutions.

The other part of this discussion is the need for performance and security. Security is hard and it takes a lot of processing speed, which has traditionally meant that there is a trade-off of performance for security. The truth is that the two do not need to be mutually exclusive. Cloud providers can architect their infrastructures to provide security while mitigating any performance degradation. There is no reason for customers to choose security OR performance when they can have both.

Q: Can healthcare organizations get the cloud security they need without experiencing performance degradation?

Hagerman: Yes. Security doesn’t mean you have to take a performance hit. But organizations need to be cognizant of the fact that some elements of the cloud will involve performance penalties that will need to be offset. And they need to know how to do that. FireHost’s architecture is built securely from the ground. We take a strategic approach to using security to help improve performance. For instance, our multi-layered security approach means that we can clean and scrub incoming traffic before it enters our infrastructure. By eliminating some of the bad traffic, the applications and infrastructure can work more efficiently because there is less traffic to process, inspect, and so on. Using security strategies such as these makes performance stronger – so much so that in an independent third party evaluation of seven cloud providers, FireHost was named the number one performing cloud.

Q: How can healthcare organizations identify vendors that are marketing security rather than providing it?

Hagerman: In a lot of cases, just read their websites, because outrageous statements stand out. In other words, when you see a claim that seems too good to be true it probably is. Promises of “guaranteed HIPAA compliant” or “we handle all the technical requirements” should be red flags to a healthcare organization.

You have to be a smart cloud consumer that asks the right questions about how a provider directly assists you in mitigating risk and addressing your compliance requirements. How are they doing security? What specific security controls will they employ for you? Have they and their third parties been independently assessed? The cloud is here to stay and can be used as part of a successful IT strategy, but buyers need to do the same due diligence as they would do for hardware purchases or staffing changes.

Q&A: Security issues loom large as providers go to the cloud – Interview with Kurt Hagerman

Based in Dallas, Phoenix and London, UK, FireHost offers cloud IaaS to protect sensitive data and the brand reputations of some of the largest companies in the world. We recently spoke with Kurt Hagerman, FireHost’s chief information security officer, to get his perspective on security issues in the cloud and what healthcare organizations should be looking for in a vendor.


PLATINUM SPONSOR

FireHost offers the most secure, managed cloud IaaS available, protecting sensitive data and brand reputations of some of the largest companies in the world. With private, cloud infrastructure built for security, compliance, performance and managed service, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential data. FireHost’s secure, managed cloud IaaS is available in Dallas, Phoenix, London, Amsterdam and Singapore, and offers robust, geographically redundant business continuity options across all sites. Based in Dallas, FireHost is the chosen secure private cloud service provider for brands that won’t compromise on the security of their payment card, healthcare, and other regulated data.

Visit www.firehost.com

GOLD SPONSORS

Dataguise enables data-centric security, governance, compliance and protective intelligence for sensitive data. Enterprises in the financial services, healthcare, government and other industries rely on Dataguise for discovery, data masking, encryption, and intelligence for their sensitive data within Hadoop and other Big Data environments. Dataguise helps customers reduce the risk of data breaches and remain compliant with leading regulations designed to protect personally identifiable information (PII) such as the Health Insurance Portability and Accountability Act (HIPAA). Gartner has recognized Dataguise as a “Visionary” for data masking technology.

Visit www.dataguise.com

Symantec’s healthcare software solutions provide security, data loss prevention, HIPAA compliance automation, business continuity, storage and infrastructure management designed to assist healthcare organizations in protecting their business-critical systems and sensitive data. The world’s leader in security helps prevent loss of healthcare data without impacting clinical workflows, while maintaining secure 24x7 operation of critical IT systems and protecting against malware.

Visit www.symantec.com/healthcare

ZixCorp offers industry-leading email encryption, unique email DLP and an innovative BYOD solution. Zix Email Encryption provides easy-to-use secure email to anyone, anywhere, enabling transparent email encryption for both senders and recipients. Just as Zix Email Encryption and ZixDLP raise standards for easy to use security, so does the Zix BYOD solution – ZixOne. With ZixOne, corporate email never resides on the device. If a device is lost or stolen, access is simply disabled and employees maintain complete control of their devices.

Visit www.zixcorp.com

SILVER SPONSOR

Saviynt combines fine-grained application access and usage analytics to provide a next-generation security management solution for clinical applications such as Epic, McKesson, Cerner and other critical enterprise applications. Core security capabilities of the Saviynt solution include centralized fine-grained access and role management, an intuitive access request system, risk-based access certification, SOD management, controls monitoring, log monitoring, and breach and behavior analysis. Saviynt provides a uniform security platform across healthcare and other enterprise applications to automate security life-cycle management. Our products and services thrive on next generation ideas to help customers achieve security and compliance objectives faster through smarter ways and reduce TCO.

Visit www.saviynt.com

FishNet and Fortinet are two of the top leaders in professional IT security solutions in North America. The Fortinet FishNet partnership has provided countless IT security solutions solving mission critical problems for enterprise class organizations and healthcare providers. Come experience our joint messaging and hear first hand from our clients what our solutions can do for you and your organization. Fortinet is a worldwide provider of network security appliances and a market leader in unified threat management (UTM) and Next Generation Firewall (NGFW). FishNet Security is the leading provider of information security solutions that combine technology, services, support and training.

For more information, visit us at www.fortinet.com, www.fortinet.com/solutions/healthcare.html & www.fishnetsecurity.com


Q: What is the cloud for healthcare and why is healthcare just now embracing it?

Bryant: We’ve been hearing about the cloud since the Internet launched, but it became a household term well before it had substantial offerings for healthcare. In the past five to 10 years, other industries have been embracing the cloud to reduce the cost of delivery of services. It’s literally fractions of the cost of putting up data centers and hosting technical solutions in-house. Healthcare, however, has been restricted because of the complexity of security regulations.

Q: What type of cloud services is healthcare using and why? What do they intend to use?

Bryant: Initially, small to medium providers moved to cloud-based EHRs because it was cheaper than purchasing a system, and they could demonstrate meaningful use as well as leverage access to digitized information. Now, particularly since the HIPAA Omnibus Final Rule went into effect September 23, 2013, which requires business associates to comply with security regulations, providers are beginning to use the cloud for other services, including financial and marketing services.

Q: What are the top challenges and concerns with the cloud for healthcare?

Bryant: Healthcare organizations need to make sure they select a cloud provider that meets their access and security needs. Also, availability is critical because healthcare doesn’t have a lot of tolerance for downtime. As for security issues, there need to be adequate controls. Yes, business associates can now be held responsible, but the providers will still be the ones whose reputations suffer. And those business association agreements need to be accurate and up to snuff. Providers need to know that they have a solid partnership. Finally, remember that you need to have both visibility and control. With cloud services, you really don’t know where your data is, so you must have good reporting so that you can determine who has access to your data. Remember, once you start putting things in the cloud, a simple mistake can expose millions of records.

Q: What is the future of the cloud in healthcare?

Bryant: Symantec has just completed a cloud user survey specifically for healthcare, and, interestingly, most of the people who are going to be in the cloud are already there. We don’t anticipate a lot of new user growth projected over the next one to three years. Those not currently in the cloud will likely stay with a traditional software hosted at internal data centers approach, while large healthcare providers already have a lot invested in their own infrastructure. As for those who are in the cloud, many jumped quickly without really doing due diligence to determine how best to move, so moving forward many providers will drill down into their processes to determine what needs to be protected and how best to do that.

Q&A: Healthcare providers embrace the cloud for multiple uses – Interview with Rick Bryant

We Protect People and Information.

Since its inception in 1982, Symantec has grown to become a Fortune 500 company that provides security, storage and systems management solutions to companies around the world. We recently sat down with Rick Bryant, Healthcare Architect for Symantec, to learn what the company sees in the years ahead as healthcare organizations move to the cloud.


SPEAKERS

KEYNOTE SPEAKER

Jim Doggett, SVP, Chief Security Officer & Chief Technology Risk Officer, Kaiser Permanente

SPEAKERS (name, organization)

Phil Alexander, University Medical Center
Michael Allred, Intermountain Healthcare
Tom August, Sharp Healthcare
Geoff Bibby, ZixCorp
Dena Boggan, St. Dominic Hospital
Michael Boyd, Providence Health & Services
Rick Bryant, Symantec Corporation
Kevin DePeugh, Kaiser Permanente
Barbara L. Filkins, SANS Analyst Program
Kevin Fu, University of Michigan
Kurt Hagerman, FireHost
Gerry Hinkley, Pillsbury Winthrop Shaw Pittman
John Houston, UPMC
Henry Jenkins, Huntington Memorial Hospital
Kevin Johnson, Secure Ideas
Clark Kegley, Scripps Health
Lee Kim, HIMSS
Erin McCann, Healthcare IT News
Barbara M. McCarthy, Mayo Clinic, Florida
Kevin B. McDonald, Noloki Healthcare IT & Compliance
Deven McGraw, Manatt, Phelps & Phillips
Mac McMillan, CynergisTek, Inc.
Ron Mehring, Texas Health Resources
Sachin Nayyar, Saviynt and Securonix
Dale Nordenberg, Medical Device Innovation, Safety & Security Consortium
Mark A. Parkulo, Mayo Clinic
Ann Patterson, Medical Identity Fraud Alliance
Iliana L. Peters, HHS Office for Civil Rights
Shahid Shah, Netspective
Paul Smith, Network Manager for Information Services, Ascension Health
Jeremy Stieglitz, Dataguise
Jim Tate, EMR Advocate
Micky Tripathi, Massachusetts eHealth Collaborative
Eric Wicklund, mHealthNews.com

AGENDA

MONDAY, JUNE 16

Coronado Ballroom CDE - Fourth Floor

8:30 - 9:00 AM | Ballroom Foyer
Registration & Badge Pickup
Breakfast Sponsored By

9:00 - 9:45 AM | General Session
Opening Keynote: Manage Risk and Take Hold of the Future
Keynote: Jim Doggett, Senior Vice President, Chief Security Officer & Chief Technology Risk Officer, Kaiser Permanente

9:45 - 10:30 AM | General Session
Frontline Perspective: Combating Cyber Crime in Healthcare
Moderator: Kevin Johnson @SecureIdeas, Chief Executive Officer, Secure Ideas
Speakers:
Ron Mehring @MehringRC, Chief Security Officer/Director – Information Security, Texas Health Resources
Michael Allred @MWAllred, Information Security Consultant/Identity and Access Team Manager, Intermountain Healthcare
Phil Alexander, Information Security Officer, University Medical Center

10:30 - 11:15 AM | Exhibit Area
Networking Break
Sponsored by

11:15 AM - 12:00 PM | General Session
Mitigate Employee, Vendor and Other Insider Threats
Moderator: Lee Kim @LKimHIMSS, Director, Privacy & Security, HIMSS
Speakers:
Tom August, Director of Information Security, Sharp Healthcare
John Houston, Vice President, Privacy and Information Security & Associate Counsel, UPMC
Special Agent Scott, Counter Intelligence, Federal Bureau of Investigation - San Diego

12:00 - 12:15 PM | General Session
Cloud Use in the Healthcare Industry: Privacy & Security Considerations
Speaker: Rick Bryant, Healthcare Solutions Architect, Symantec Corporation

12:15 - 1:15 PM | Exhibit Area
Networking Lunch
Sponsored By

1:15 - 2:00 PM | General Session
HIPAA Update: Office for Civil Rights (OCR)
Moderator: Erin McCann @EMcCannHITN, Associate Editor, Healthcare IT News
Speakers:
Iliana L. Peters, Senior Advisor for HIPAA Compliance and Enforcement, U.S. Health & Human Services - Office for Civil Rights

2:00 - 2:45 PM | General Session
Case Study: How The Mayo Clinic Developed a Robust, Secure Patient Portal
Speakers:
Mark Parkulo, Vice Chair, Meaningful Use Coordinating Group, Mayo Clinic, Florida
Barbara M. McCarthy, Privacy Officer, Mayo Clinic, Florida

2:45 - 3:15 PM | Exhibit Area
Networking Break
Sponsored By

3:15 - 3:30 PM | General Session
Leveraging Next Generation Firewall Functionality for Unique Healthcare Needs
Speaker: Paul Smith, Network Manager for Information Services, Ascension Health

3:30 - 4:15 PM | General Session
Planning for and Responding to a Breach
Speaker: Gerry Hinkley, Partner, Pillsbury Winthrop Shaw Pittman

4:15 - 5:00 PM | General Session
Best Practices for Medical Device Security
Moderator: Dale Nordenberg, Co-founder & Executive Director, Medical Device Innovation, Safety, and Security Consortium (MDISS)
Speakers:
Kevin Fu, Associate Professor of Electrical Engineering and Computer Science, University of Michigan
Tom August, Director of Information Security, Sharp Healthcare

5:00 - 5:15 PM | General Session
The Cornerstone of any Healthy Cloud — How to Ensure Security is Real
Speaker: Kurt Hagerman, Chief Information Security Officer, FireHost

5:15 - 6:30 PM | Exhibit Area
Networking Reception
Sponsored By

AGENDA

TUESDAY, JUNE 17

Coronado Ballroom CDE - Fourth Floor

8:30 - 9:00 AM | Exhibit Area
Breakfast
Sponsored By

9:00 - 10:00 AM | General Session
Security Roundtable: What Keeps You Up At Night – And What Are You Doing About It?
Moderator: Barbara L. Filkins, Systems Engineer / Infrastructure Design, SANS Analyst Program
Speakers:
Ron Mehring @MehringRC, Chief Security Officer / Director - Information Security, Texas Health Resources
Kevin DePeugh, Vice President of Cyber Security, Kaiser Permanente
Henry Jenkins, Director, Information Services, Huntington Memorial Hospital
Sachin Nayyar, Founder and CEO, Saviynt and Securonix

10:00 - 10:45 AM | General Session
Update From The ONC Privacy & Security Tiger Team
Moderator: Erin McCann @EMcCannHITN, Associate Editor, Healthcare IT News
Speakers:
Deven McGraw @HealthPrivacy, Chair, ONC Privacy & Security Tiger Team
Micky Tripathi, Co-Chair, ONC Privacy & Security Tiger Team

10:45 - 11:00 AM | General Session
Big Data – Balancing Information, Privacy & Security
Speakers:
Jeremy Stieglitz, Vice President of Product Management, Dataguise

11:00 - 11:30 AM | Exhibit Area
Networking Break
Sponsored By

11:30 - 11:45 AM | General Session
BYOD: A Fresh Perspective - Avoid a Bring-Your-Own-DISASTER Scenario
Speaker: Geoff Bibby, Vice President Corporate Marketing, ZixCorp

Compliance Workshop

11:45 AM - 12:30 PM | General Session
Part 1: Best Practices for Passing an OCR Audit
Speaker: Kevin McDonald @KevinBMcDonald, President, Noloki Healthcare IT & Compliance, A Division of Alvaka Networks

12:30 - 1:00 PM | General Session
Part 2: Meaningful Use Audit Red Flags: Pay Careful Attention to the Security Risk Analysis - or Else
Speaker: Jim Tate @JimTate, President, EMR Advocate

1:00 - 2:00 PM | Exhibit Area
Networking Lunch
Sponsored By

2:00 - 2:30 PM | General Session
The High Price of Medical Identity Theft and Fraud
Speaker: Ann Patterson, Senior Vice President and Program Director, Medical Identity Fraud Alliance

2:30 - 3:15 PM | General Session
Group Discussion: How Do You Create a Culture of Privacy and Security?
Moderator: Shahid Shah @ShahidNShah (“The Healthcare IT Guy”), Chief Executive Officer, Netspective Communications
Speaker: Dena Boggan, HIPAA Privacy/Security Officer, St. Dominic Hospital

3:15 - 4:00 PM | General Session
Minimize The Security Risks of Health Data in The Cloud
Speakers:
Lee Kim @LKimHIMSS, Director, Privacy & Security, HIMSS
John Houston, Vice President, Privacy and Information Security & Associate Counsel, UPMC
Kurt Hagerman, Chief Information Security Officer, FireHost

4:00 - 4:45 PM | General Session
Shop Talk: Top Providers Discuss Their Approaches to Managing BYOD Risk
Moderator: Eric Wicklund @Eriwick, Editor, mHealth News
Speakers:
Clark Kegley, Assistant VP of Information Services, Scripps Health
Michael Boyd, Chief Information Security Officer, Providence Health & Services
Mac McMillan, Chair, HIMSS Privacy & Security Policy Task Force

4:45 - 5:00 PM | Exhibit Area
Closing Remarks


Q: What does Dataguise do?

Singh: Our mission is to help healthcare and financial organizations protect data and address compliance and data governance issues. Our solutions protect against both insider and outsider threats. Remember, a lot of people inside a healthcare company have access to patients’ records, including their social security numbers. Some should have that access, but others should not.

Q: As a leader in data-centric security and privacy solutions, what kinds of problems do you solve for HIPAA compliance and protecting PHI?

Singh: With the increase in data sharing and the push to leverage cloud, mobile and Big Data, healthcare organizations have to take extra precautions to protect their data. Dataguise provides an automated solution for discovering, protecting, and monitoring sensitive data, no matter where it’s located.

Q: What challenges are you seeing in Big Data, and what recommendations would you give to healthcare organizations?

Singh: Organizations are bringing together data from many sources to form a “data lake,” or “Big Data warehouse.” However, this creates new privacy challenges. For example, datasets A and B alone might not contain sensitive data, yet the combination of A and B becomes sensitive.

Another challenge is managing the massive volumes of unstructured data. Discovering and protecting sensitive data is tougher with unstructured data than it is with structured data. Add Hadoop to the mix, and now you have even more complexity. Dataguise enables organizations to proactively address these challenges by automating data protection, at-rest or in-motion, across heterogeneous data platforms. We believe that being proactive is key, and automation is critical.

Q: How is Dataguise different from other security vendors?

Singh: Other vendors are using an all-or-nothing approach to data security, for example, volume-level encryption. But only 3% of data is sensitive, which means 97% can and should be kept available for analytics. Our approach – call it “intelligent” de-identification – gives customers greater flexibility and ease-of-use. If you think of this as the classic “finding a needle in a haystack”, we’ve simplified and automated the process of finding, protecting and keeping track of the needles, without limiting access to the rest of the haystack.

Q: How are health organizations using Dataguise?

Singh: A very large hospital is doing a system-wide cost analysis to determine their costs per patient. It’s mandatory to make sure the sensitive data elements are masked.

Another case study is clinical research being conducted to determine, by zip code, which areas are more susceptible to heart attacks, and then offer that data to regional pharmacies so they can have relevant medications on hand.

In both cases, it is critical to maintain data privacy and security but still make the information useful and accessible.

Q&A: Protecting the data that matters – Interview with Manmeet Singh

Whether in the cloud or out, California-based Dataguise aims to protect sensitive data while also enabling clients to engage in the analytics necessary to improve their services. We recently sat down with Manmeet Singh, CEO and co-founder of Dataguise, to hear how Dataguise automates discovery and de-identification to protect the most important data.


Q: Who is ZixCorp?

Bibby: ZixCorp is the leader in email data protection. We’ve been in the business for over a decade, and our brand was built on delivering encrypted email. In 2013, we introduced two new solutions. The first prevents data loss. We can scan an email and see if there’s sensitive information that needs to be quarantined. With the second product, we’ve expanded into the Bring Your Own Device (BYOD) market, protecting email, calendars, and contacts on personal devices.

Q: What is driving so much interest in email data protection these days?

Bibby: It’s the post-Snowden era, and people are paying a lot of attention to the fact that email is very vulnerable. It helps to remember that any single email is managed across many different servers, and with each different server you stand the chance of losing control of your data. Organizations are feeling more regulatory pressure to guard against that. Also, mobile users are driving the market. With the BYOD movement, mobile devices are increasingly the chosen corporate device, and the data on those devices needs to be protected.

Q: What is the Bring Your Own Device phenomenon?

Bibby: It’s a phenomenal phenomenon, and if it’s done properly it can be a very positive thing. When it comes to security, we’ve approached BYOD from a very different standpoint than other vendors. Most vendors try to fully manage people’s personal devices. They presume the information will reside on a person’s phone and try to manage it accordingly. We don’t. We don’t ever have corporate information residing on a personal phone. Rather, we use an app to stream the contents of corporate email. It’s essentially a virtual view of the email, but it doesn’t stay on the device. It has all the attributes of regular email, in that you can forward it or reply to attachments, but when you close the email it disappears from the device.

Q: How does ZixCorp protect email?

Bibby: With ZixGateway, outbound emails are automatically scanned for sensitive information. If sensitive information is found, it’s automatically encrypted. On the receiving end, encrypted emails are received and decrypted automatically, without the person having to do anything.

Q: What’s different about Zix’s email encryption?

Bibby: It’s called “transparent email encryption,” which means consumers have the ability to send and receive secure email without any extra steps. It’s just like a regular email. Other vendors use what’s called “push” security, in which they send you a notification and link that sends you to a place where you can read the email. It’s less convenient.

Q&A: Email security more important than ever – Interview with Geoff Bibby

Isn’t it funny how the news can bring a topic to prominence! With the recent Edward Snowden revelations concerning the activities of the U.S. National Security Agency (NSA), all of a sudden companies and citizens are thinking more about how best to protect their emails. We recently sat down with Geoff Bibby, vice president of corporate marketing for ZixCorp, to learn how his company works to ensure email security.


AirWatch by VMWare Exhibit #23

AirWatch is the leader in enterprise-grade mobility management and security solutions. More than 10,000 customers across the world trust AirWatch to manage their most valuable assets: their mobile devices. Our highly scalable solution provides an integrated, real-time view of an entire fleet of corporate, employee-owned and shared iPads, iPhones, Androids, Toughbooks and more. With AirWatch, healthcare IT can automate the management and tracking of all mobile assets; reduce the cost and effort of device deployments; improve the technical support experience for device users; and enable and enforce IT security and compliance policies that secure the device and its data. Visit us at www.air-watch.com

Brinqa Exhibit #20

Brinqa Risk Analytics provides enterprises a competitive advantage by taking a proactive and financially driven approach, using risk concepts and tools to enable better decisions to mitigate threats and capitalize on opportunities. The primary goal of Brinqa Risk Analytics is not 100% security or 100% compliance, but to provide risk intelligence in the face of a changing security threat landscape. Target solutions include Risk Management, Risk Analytics, Security Risk Analytics, Privacy Management, Vendor Risk Management and IT Operations Management. Visit us at www.brinqa.com


Coalfire Exhibit #16

Coalfire is a leading, independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. HIPAAcentral is powered by Coalfire and offers a one-stop place for all-things-HIPAA compliance for CEs and BAs. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP. Visit us at www.coalfire.com

CommVault Americas Exhibit #10

CommVault is a software company, relentlessly focused on all things data. We are dedicated to providing organizations worldwide with a radically better way to protect, manage and access data and information. Visit us at www.commvault.com

DATAGUISE Exhibit #24

Dataguise enables data-centric security, governance, compliance and protective intelligence for sensitive data. Enterprises in the financial services, healthcare, government and other industries rely on Dataguise for discovery, data masking, encryption, and intelligence for their sensitive data within Hadoop and other Big Data environments. Dataguise helps customers reduce the risk of data breaches and to remain compliant with leading regulations designed to protect personally identifiable information (PII) such as the Health Insurance Portability and Accountability Act (HIPAA). Gartner has recognized Dataguise as a “Visionary” for data masking technology. For more information, visit us at www.dataguise.com

EXHIBITORS – Coronado Ballroom AB - Fourth Floor


Duo Security Exhibit #6

Duo Security provides cloud-based two-factor authentication to more than 4,000 organizations worldwide. In as little as fifteen minutes, Duo’s innovative and easy-to-use technology can be deployed to protect users, data, and applications from credential theft and account takeover. Try it for free at www.duosecurity.com

FireHost Exhibit #13

FireHost offers the most secure, managed cloud IaaS available, protecting sensitive data and brand reputations of some of the largest companies in the world. With private, cloud infrastructure built for security, compliance, performance and managed service, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential data. FireHost’s secure, managed cloud IaaS is available in Dallas, Phoenix, London, Amsterdam and Singapore, and offers robust, geographically redundant business continuity options across all sites. Based in Dallas, FireHost is the chosen secure private cloud service provider for brands that won’t compromise on the security of their payment card, healthcare, and other regulated data. Visit us at www.firehost.com

Fortinet and Fishnet Security Exhibit #3

Fortinet and Fishnet are two of the top leaders in professional IT security solutions in North America. The Fortinet Fishnet partnership has provided countless IT security solutions solving mission critical problems for enterprise class organizations and healthcare providers. Come experience our joint messaging and hear first hand from our clients what our solutions can do for you and your organization. Fortinet is a worldwide provider of network security appliances and a market leader in unified threat management (UTM) and Next Generation Firewall (NGFW). FishNet Security is the leading provider of information security solutions that combine technology, services, support and training. For more information, visit us at www.fortinet.com, www.fortinet.com/solutions/healthcare.html & www.fishnetsecurity.com


Fortified Health Solutions Exhibit #19

Fortified Health Solutions offers IT Network & Security Management Services centered on compliance. Visit us at www.fortifiedhealthsolutions.com

Guidance Software Exhibit #7

Guidance Software is the worldwide leader in digital investigation solutions. Its EnCase® Enterprise platform is used by numerous government agencies and 65 percent of the Fortune 100 to conduct network-wide digital investigations. Built on the EnCase Enterprise platform are EnCase® eDiscovery, EnCase® Analytics, and EnCase® Cybersecurity, which help organizations respond to litigation discovery and compliance requests, derive security intelligence from Big Data on endpoints, and conduct rapid security incident response. For more information, visit www.guidancesoftware.com


Iatric Systems, Inc. Exhibit #17

Iatric Systems helps hospitals and health systems leverage their HIS investment with software, interfaces and reporting services. Since 1990, more than 1,000 hospitals worldwide have implemented Iatric Systems’ solutions including Security Audit Manager (SAM), an advanced application that automatically monitors audit logs across your entire enterprise, sees every access and identifies potential HIPAA privacy breaches. For more information, contact [email protected] or visit us at www.security.iatric.com

ID Experts Exhibit #8

ID Experts provides software and services for managing the disclosure and breaches of regulated data. Leading organizations in healthcare rely on ID Experts’ patented RADAR™ data incident management software and data breach response services for managing risks. Exclusively endorsed by the American Hospital Association, ID Experts is an advocate for privacy and a leading contributor to legislation and industry organizations that focus on the protection of PHI and PII. Visit us at www2.idexperscorp.com

Imprivata Exhibit #27

Imprivata® is a leading provider of authentication, access management and secure communications solutions for healthcare. Its solutions help more than 2.6 million care providers at more than 1,000 healthcare organizations worldwide quickly and securely access clinical applications to improve productivity for better focus on patient care. Imprivata OneSign®, named the single sign-on (SSO) category leader by KLAS in 2012 and 2013, offers SSO and authentication management to deliver fast, secure No Click Access® to clinical applications, patient records and virtual desktops. Imprivata Cortext® is a secure communication platform that enables multi-site communication across hospitals, clinics, ACOs and other facilities to improve care coordination and eliminate inefficiencies caused by pagers and other outdated technologies. For more information, please visit www.imprivata.com.

(ISC)² Exhibit #12

Celebrating its 25th anniversary, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFP℠), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPP℠), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)² offers education programs and services based on its CBK®. Visit us at www.isc2.org


iScan Online, Inc. Exhibit #4

iScan Online, Inc. is a provider of cloud security scanning solutions, enabling organizations to scan any endpoint, anytime and anywhere, proactively identifying devices at risk before a data breach occurs. iScan Online was born in the cloud and provides a secure scalable multi-tenant platform for unencrypted data discovery, vulnerability and compliance scanning, assessing laptops, servers, smartphones and tablets. iScan Online is the recipient of SC Magazine’s Security Industry Innovator of the Year Award and CIO Review Magazine’s Most Promising Top 20 Security Companies of 2014. Visit us at www.iscanonline.com

Leidos Health Exhibit #14

Leidos Health is a new company formed from the separation of SAIC. As the largest health IT consulting company in North America, Leidos Health brings new perspectives to solve the world’s most challenging problems. The health arm of Leidos features the expertise of industry-leading companies formerly known as maxIT Healthcare and Vitalize Consulting Solutions, serving over 900 clients across the U.S. and Canada. For more information, visit www.leidoshealth.com

Proficio Exhibit #25

Proficio is a leading provider of next-generation managed security services. We are changing the way healthcare organizations meet their IT security and HIPAA compliance goals by providing the most advanced solutions to monitor and scan critical assets without the need for added headcount or costly systems. Proficio solutions are powered by HP’s leading security solutions including ArcSight and TippingPoint. Proficio’s ProSOC service includes 24x7 security monitoring, log retention, and security device management. Together, HP and Proficio help mitigate risk and defend against today’s most advanced threats. For information on HP Enterprise Security, visit www.hpenterprisesecurity.com. For information on Proficio, visit www.proficio.com

Redspin, Inc. Exhibit #9

Redspin is the undisputed leader in HIPAA security risk analysis services. In the past 3 years, we have helped 115 hospitals, hundreds of clinics and large business associates ensure compliance and lower their risk of PHI data breach. Our services include penetration testing, vulnerability assessments, application security, policy analysis, mobile device security, and social engineering. With a decade+ of experience, Redspin has become a trusted security adviser to the healthcare industry. Visit us at www.redspin.com

Saviynt LLC Exhibit #22

Saviynt combines fine-grained application access and usage analytics to provide a next-generation security management solution for clinical applications such as Epic, McKesson, Cerner and other critical enterprise applications. Core security capabilities of the Saviynt solution include centralized fine-grained access and role management, intuitive access request system, risk-based access certification, SOD management, controls monitoring, log monitoring, breach and behavior analysis. Saviynt provides a uniform security platform across healthcare and other enterprise applications to automate security life-cycle management. Our products and services thrive on next generation ideas to help customers achieve security and compliance objectives faster through smarter ways and reduce TCO. Visit us at www.saviynt.com


SecureAuth Corporation Exhibit #26

Located in Irvine, California, SecureAuth is a technology leader and creator of the award-winning SecureAuth IdP that uniquely delivers multi-factor authentication and single sign-on together in a powerful solution for mobile, cloud, web, and network resources without requiring supplementary components or add-ons. Visit us at www.secureauth.com.

Scrypt, Inc. Exhibit #2

Since 1998, we have been creating subscription-based products and services that digitize, process and store sensitive information to eliminate manual process and paper. Sfax, our secure faxing solution, maintains the essential benefits that keep faxing relevant but removes the pain associated with manual faxing and fax servers by bringing it to the cloud. Visit us at www.scrypt.com

Symantec Exhibit #1

Symantec’s healthcare software solutions provide security, data loss prevention, HIPAA compliance automation, business continuity, storage and infrastructure management designed to assist healthcare organizations in protecting their business-critical systems and sensitive data. The world’s leader in security helps prevent loss of healthcare data without impacting clinical workflows, while maintaining secure 24x7 operation of critical IT systems and protecting against malware. For more information, visit us at www.symantec.com/healthcare

TraceSecurity, Inc. Exhibit #11

Through a combination of software and information security services, TraceSecurity helps clients address all critical components of a successful risk-based information security program – including people, processes and technology. TraceSecurity’s flagship solution, TraceCSO, is the first and only cloud-based software solution that makes IT GRC a complete and affordable business application for organizations of any industry, size or skill set. In addition, TraceSecurity offers information security services that include, but are not limited to, social engineering, penetration testing, risk assessments, information security audits, security awareness training and vulnerability assessments. Visit us at www.tracesecurity.com

Varonis Systems, Inc. Exhibit #18

Varonis is the foremost innovator and provider of access, governance, and retention solutions for human-generated data, the fastest-growing and most sensitive class of digital information. Varonis ensures that only the right users have access to the right data from the right devices, all use is monitored, and abuse is flagged. Visit us at www.varonis.com


Vendormate Exhibit #5

Vendormate enables providers to take a holistic approach to managing their procurement cycle to achieve internal controls, regulatory compliance, and cost savings. Our Procurement Cycle Management platform and solutions are fully integrated to improve data integrity and solve the challenges of vendor management. Our Business Associate solutions enable hospitals to meet HIPAA-BA compliance, screen and track BA vendors and be prepared for an OCR audit with documentation to demonstrate oversight. Visit us at www.vendormate.com


Voltage Security Exhibit #15

Voltage Security®, Inc. is the world leader in data-centric encryption and tokenization. Voltage provides trusted data security that scales to deliver cost-effective PCI compliance, scope reduction and secure analytics. Voltage solutions are used by leading enterprises worldwide, reducing risk and protecting brand while enabling business. For more information, visit us at www.voltage.com

Zix Corporation Exhibit #21

ZixCorp offers industry-leading email encryption, unique email DLP and an innovative BYOD solution. Zix Email Encryption provides easy-to-use secure email to anyone, anywhere, enabling transparent email encryption for both senders and recipients. Just as Zix Email Encryption and ZixDLP raise standards for easy to use security, so does the Zix BYOD solution – ZixOne. With ZixOne, corporate email never resides on the device. If a device is lost or stolen, access is simply disabled and employees maintain complete control of their devices. For more information, visit us at www.zixcorp.com


Q: Who is Fortinet, and what do you guys do?

Hanson: Fortinet is a leading enterprise class network security vendor. We have strong partnerships and deliver security solutions to 10 of the world’s top-10 service providers. We provide clients with network security consolidation without compromise, while improving the performance and availability of the applications that deliver care.

Q: Can you give us some examples of how healthcare organizations are using Fortinet?

Hanson: From delivering Trusted Internet Connections (TIC) to federal healthcare organizations to helping our nation’s largest non-profit provider improve security and business operations, Fortinet is in the unique camp of being able to provide the best security while lowering costs. Clients who use Fortinet solutions today to solve mission-critical problems include our nation’s largest health care non-profits and for-profit stock companies, federal and state health agencies, university medical centers and even small private practices, to name just a few. Our range of clients shows that Fortinet solutions can be used by organizations of different sizes and needs to solve their IT concerns.

Q: What is one big challenge that Fortinet hears from its healthcare IT executive customers?

Hanson: Healthcare providers are migrating from large, independent, stand-alone organizations to complex new ecosystems with provider organizations, affiliated physician groups, labs and business associates, all of which are involved in both the provisioning of care and the collection of vast amounts of information from patients. In order to address these changes, healthcare providers have to evaluate the security needs for different functions in the network. The challenge is building a common security platform to build and deliver a quality of care model.

Q: What do you view as the most eminent threat to healthcare IT security?

Hanson: I believe that the single most eminent threat to the health IT security industry is the fact that according to a Ponemon study a single PHI record is worth $50 on the street in the hacker community. If you think about it, all the keys to the identity castle are in ePHI, including the ability to use a patient’s medical insurance information to obtain prescription medicines. The industry’s problem is that since 2009 our nation’s healthcare organizations have lost over 30 million healthcare records, according to HHS’s wall of shame. That level of loss is unacceptable and it does not have to happen, as there are cost effective ways to better protect PHI technically as well as operationally.

Q: What are the next top concerns in healthcare IT security?

Hanson: Given the postponement again of ICD-10, top concerns I see are renewed projects to reduce the risks associated with handling ePHI. Healthcare providers are realizing that HIPAA has teeth as the Office for Civil Rights has stepped up enforcement, and OCR is handing out penalties for loss of patient data.

Q&A: Security challenges grow as IT changes healthcare delivery systems – Interview with Mark Hanson

It’s no secret that health IT executives across the healthcare sector are facing a dizzying array of security challenges. Mark Hanson, U.S. Director-Healthcare at Fortinet, recently offered his take on the most critical issues.

Fortinet maintains a robust focus on security, and was created with an integrated security vision to increase protection and control, while optimizing performance, simplifying management and reducing costs. The company pioneered an innovative, high performance multithread network security platform to address the fundamental problems of ever-evolving, sophisticated multi-vector IT threat landscape. Fortinet has pursued that vision for the last 14 years and continues to innovate and enrich its solution portfolio.

www.fortinet.com

High Performance Network Security


SEPT. 8-9, 2014

THE WESTIN BOSTON WATERFRONT

BOSTON, MA

Protecting Data Assets and Managing Risks

The most important Privacy & Security event of the year!


SYMPOSIUM

DEC. 7, 2014

mHEALTH SUMMIT

GAYLORD NATIONAL RESORT & CONVENTION CENTER

WASHINGTON, DC AREA

HealthPrivacyForum.com

mHealthSummit.org


The premier domestic and international conference and expo for mobile and connected health—connecting people, ideas, innovations and opportunities. With a commitment to delivering the most relevant information, invigorating experiences, new opportunities and disruptive ideas—the mHealth Summit attracts the largest, most diverse and influential audience in the field.

ATTEND. EXHIBIT. SPONSOR.

WHERE THE WORLD COMES TO CONNECT

AN ECOSYSTEM OF OPPORTUNITY



News and Insight from the Healthcare Community

SEE YOU IN BOSTON IN SEPTEMBER & IN SAN DIEGO NEXT MARCH!

WWW.HIMSSMEDIA.COM

SYMPOSIUM