Privacy and security professionals, lawyers, technologists, policymakers, and academics connect and collaborate in a rigorous learning environment during this three-day event at George Washington University’s Marvin Center in Washington, D.C.
DWT partner Sean Hoar was at this event presenting a workshop entitled "Assessing Risks and Cyber Insurance Needs" on October 24. This hands-on exercise taught participants about:
- The types of terms that should be focused on for an organization’s needs, and how to understand those terms.
- How cyber insurance would likely respond to various breach scenarios and how to maximize coverage through the choice of different terms and/or insurance limits.
Sean also gave a presentation entitled “Responding to Healthcare Data Breaches: The Need for Special Response Measures” on October 25. This talk covered topics like:
- How healthcare data breaches differ from other data breaches.
- Advice about the types of special measures that ought to be taken in this context.
DWT partner Adam Greene was also at the event, and presented "Current and Future HHS Initiatives in Health Privacy." This session focused on current and future initiatives at HHS:
- The status of the audit program.
- HIPAA and health information exchange.
- The current state of enforcement.
- Upcoming regulations on accounting of disclosures and sharing penalties with harmed individuals.
Greene also moderated a group session, "Managing Third-Party Risk for Health Data," as part of the all-day Health Privacy + Security Intensive Day on October 24. This discussion covered several topics, including:
- What level of due diligence and monitoring of vendors does HIPAA require? How does this differ from the FTC’s approach?
- What is the best way to identify which vendors pose the most risk?
- Where HIPAA does not require a business associate agreement, what is best practice?
- Benefits and drawbacks of security questionnaires, third-party assessments, certifications, and other assessment tools.
- What privacy and security provisions are appropriate beyond the HIPAA requirements?