| Date | Event |
Hours |
| Monday, October 20 |
Drop-in Evening Reception |
7:00 pm -- 9:30 pm |
| Tuesday, October 21 |
Day program |
9:30 am -- 5:30 pm |
| Wednesday, October 22 |
Day program |
8:00 am -- 5:30 pm |
| Thursday, October 23 |
Day program only |
8:00 am -- 2:30 pm |
|
Tuesday, October 21 |
||
| 9:30 am --10:00 pm | Welcome & Conference Overview | Ann Geyer Tunitas Group |
| 10:00 am --12:00 pm |
Introduction to Health Information Risk Management | |
| 12:00 pm --12:30 pm | OCTAVE Principles and HIPAA Compliance | |
| 12:30 am --2:00 pm | Lunch | |
| 2:00 pm -- 2:30 pm | Introduction to the OCTAVE Methodology | Steve Kruse Bruce Gossard Impruve |
| 2:30 pm -- 3:30 pm | Benchmarking Security Practices | |
| 3:30 pm -- 4:30 pm | Information Asset Inventory ~ Selecting assets for detailed analysis | |
| 4:30 pm -- 5:30 pm | Biomedical Devices ~ The oft-forgotten health information assets | Dennis Seymour
CHIS, VA |
| 5:30 pm -- 6:30 pm | Break | |
| 6:30 pm -- 8:00 pm | Dinner and Evening Speaker The Meaning of "Reasonable and Appropriate" in Federal Regulation |
Mike Evans, Esq. Sutter Health |
|
Wednesday, October 22 |
||
| 8:00 am -- 8:30 am | OCTAVE Tools and Risk Analysis Documentation Aids | Steve Kruse Bruce Gossard Impruve |
| 8:30 am -- 9:15 am | Threat Trees -- Identification and Analysis | |
| 9:15 am -- 11:15 am | Threat Identification Workshop | |
| 11:15 am 12:00 pm | A cost effective approach to Technical Vulnerability Assessment | Ray Balut Sutter Health |
| 12:00 pm 12:30 pm | Lessons Learned - One HCO's Risk Analysis | TBD |
| 12:30 pm --2:00 pm | Lunch | |
| 2:00 pm -- 2:30 pm | Impact Assessment | Bruce Gossard Impruve |
| 2:30 pm -- 3:00 pm | Likelihood Evaluation | |
| 3:00 pm -- 4:00 pm | Threat Assessment Workshop | |
| 4:00 pm -- 5:00 pm | Assessing Protection Strategies | |
| 5::00 pm -- 5:30 pm | Comparing the Risk Mitigation Value of Specific Security Investments | TBD |
| 5:30 pm -- 6:30 pm | Break | |
| 6:30 pm -- 8:00 pm | Dinner and Evening Speaker Physicians as Risk Management Partners |
Jack Lewin, MD Calif. Medical Association |
|
Thursday, October 23 |
||
| 8:00 am -- 8:30 am | Organizing the Risk Management Team | Ann Geyer Tunitas Group |
| 8:30 am -- 10:00 am | Developing the Risk Mitigation Strategy | Steve Kruse Bruce Gossard Impruve |
| 10:00 am 10:15 am | Break | |
| 10:15 am 11:00 am | The Decision to Accept or Transfer Risk | David Schinderle AllHealthLogic |
| 11:00 am 12:00 pm | Risk Assessment and Litigation Defense | John Christenson, Esq.
Preston,Gates&Ellis |
| 12:00 pm --1:00 pm | Lunch | |
| 1:00 pm -- 1:45 pm | Presenting the Risk Analysis to Management |
Ann
Geyer |
| 1:45 pm -- 2:15 pm | Risk Management as a Continuous Improvement Process |
Steve
Kruse |
| 2:15 pm -- 2:30 pm | Conference Wrap-up |
Ann
Geyer |