Health Privacy + Security Intensive Day 2018

Intensive Day – Wednesday, Oct. 3, 2018

Intensive Days are all-day events that feature primarily small discussion groups among seasoned professionals. Intensive Days differ from workshops in that workshops are shorter and more introductory in nature.

Intensive Days are for seasoned professionals, and the discussion will be focused and advanced. Intensive Days are for deep dives into topics.

The Health Privacy and Security Intensive Day is a way to join your peers in a sophisticated series of discussions about cutting-edge issues involving privacy and security. There will be unparalleled interactivity. Most of the day will be spent in seminar-style discussion groups.

What is the Health Privacy + Security Intensive Day?

It is a special all-day event — like a “seminar within a conference” — that will occur on Wednesday, Oct. 3, 2018, the day prior to the Privacy+Security Forum. They feature small group discussions among seasoned professionals. The conversations will be focused and advanced, with unparalleled interactivity. Intensive Days differ from Workshops in that Workshops are shorter and more introductory in nature.

George Washington University Marvin Center
800 21st Street Northwest
Washington, DC 20052


Faith Knight Meyers
Faith Knight Myers

Global Privacy Leader

Adam Greene
Adam Greene

Davis Wright Tremaine

Jennifer Archie
Jennifer Archie

Latham & Watkins


Our chairs for the Health Privacy and Security Intensive Day plan the event and determine the topics for discussion.

Schedule Health Privacy + Security Intensive Day

Breaks and lunches will be with everyone present on the pre-conference day, so if you have colleagues attending workshops or Intensive Days on other topics, you will have time to network with them.

9:00 AM – 4:30 PM
Room 301



Conference Materials

7:30am – 9:00am   Breakfast
9:00am – 10:15am   Session 1
Room 301

What We’re Hearing from the Regulators

Where have the Office for Civil Rights (“OCR”), FTC, state attorneys general, and other regulators been focusing their health information privacy and security enforcement efforts recently? What policy changes do we expect to see? What have we learned about OCR HIPAA expectations from recent desk audit results and investigations? This session will share what the moderators and attendees have been seeing over the past year from various regulators.

10:15am – 10:45am   Break
10:45am – 12:00pm  Session 2
Room 301

Managing Third Party Privacy and Security Risks

Managing third party privacy and security risks is a critical component of managing the overall risk to an organization.  An organization can delegate its authority, but not its accountability.  This session will cover vendor management issues from both the upstream and downstream entity’s perspective.  How can an organization balance demonstrating its accountability for multiple clients simultaneously?  What are some of the practical considerations that organizations face when judging compliance from afar?   We will discuss what we can learn from recent events in managing third party risk, including the acquisition of new third parties and when they close up shop.

12:00pm – 1:30pm Lunch
1:30pm – 2:45pm Session 3
Room 301

Advanced Data Breach Session

  • Post breach investigations and enforcement highlights: the year in review
  • A deeper dive into long term outcomes, looking at the largest breaches: what can we all learn from these events to better mitigate post-breach consequences in the areas of (i) breach response, (ii) notification, (iii) regulatory investigation and enforcement, and liability to (iv) shareholders or (v) class action plaintiffs?
  • Top Five Mistakes to avoid at the breach notification stage

2:45pm – 3:15pm Break
3:15pm – 4:30pm Session 4

Room 301

Removing the HIPAA Blinders: Impact of Other Laws in Health Information Privacy and Security

Whether it is a hospital system focused primarily on HIPAA compliance, or a healthcare start-up looking to market that it is “HIPAA compliant” and sign business associate agreements, it is easy to lose sight of the myriad privacy and security laws other than HIPAA impacting organizations collecting, handling, or simply monetizing large sets of consumer health-related data. This session will discuss the challenges that moderators and attendees are seeing with respect to complying with, or understanding the scope of, other laws, such as 42 C.F.R. Part 2 (governing substance use disorder patient records), GDPR, state breach laws that are increasingly encompassing medical information, state laws governing privacy and security of medical records and specific conditions, the Telephone Consumer Protection Act, and the FTC Act.


The Health Privacy and Security Intensive Day will be on Wednesday, October 3, 2018.  The Privacy+Security Forum will be on Thursday, October 4, 2018 and Wednesday, October 5, 2018.  The fee for participating in the Health Privacy and Security Intensive Day is separate from the fee to participate in the Forum. You can register for the Health Privacy and Security Intensive Day independently from the main Privacy+Security Forum.

Intensive Day Admission 2018

Early Bird

on or before July 31, 2018

Full Price

on or after August 1, 2018

Intensive Day (price for each)



Intensive Day (price for each – academic/NGO/gov’t)