[Chapter] 5th Annual Privacy & Security Forum

January 31, 12:30am, WET - 7:00am, WET

Hoag Hospital Conference Center
1 Hoag Drive 
Newport Beach, CA 92663



Slide Presentations & Videos Now Available


The Southern California Chapter once again welcomes you to a fantastic Healthcare Privacy and Security event!

This year we feature speakers from the FBI, National HIMSS, and experts in the field of Information Security with solutions that work and are effective against today’s threats.

HIMSS, ISACA LA, ISSA LA, ISSA OC, OWASP LA, and NH-ISAC will once again make this event one to remember!

Learn from provider and payer specialists about some of the challenges the industry faces and the solutions to them.

A few issues that will be discussed are as follows:

  • The role that the FBI plays in the healthcare community around threat monitoring and support
  • Current cybersecurity threats that are being tracked, and cyber threats impacting the country and the industry in general
  • HIPAA privacy and security compliance challenges that confound many executives and their IT departments
  • A review of real-world data breaches and cybercrime
  • Deployment of vulnerability assessment tools and remediation

Please join us for a day of fun and learning at Hoag Hospital on January 30, 2015.


Speaker Bios



SLIDES - President's Welcome


Director of Privacy and Security
HIMSS North America

Predictions for 2015 and Beyond: Be Ready and Prepared for the Unknowable.

It is now 2015.  2014 was indeed a turning point for healthcare information security: nation state actors, hacktivists, insider threat actors, and more.  

Are we ready for increasingly sophisticated threats and threat actors?  This session will provide a retrospective view of key events in 2014 and a summary of HIMSS efforts in education and advocacy within the privacy and security arena.  Predictions pertaining to cyber threats and threat actors will also be provided for 2015 and beyond.



Mac McMillan, FHIMSS, CISM
Chairman, CEO & Co-Founder
CynergisTek, Inc.
The Importance of Cybersecurity in a Complex Threat Environment

Healthcare executives continuously face more complex security threats, and an effective security program is a business imperative. A successful security program requires an understanding of cyber threats and leadership support to ensure necessary adoption. This session will identify threats and create necessary awareness of today's cybersecurity environment.

Learning Objectives:

  1. Identify the most pressing cybersecurity concerns and trends that healthcare provider organizations face today
  2. Describe strategies for mitigating risk associated with cyber threats
  3. Implement proven strategies for creating cyber risk awareness and incorporating the proper protocol to ensure it is a part of an organization’s culture



Frederick J. Simon
Special Agent/Assistant Coordinator
FBI InfraGard, Los Angeles

Cherie J. Kono
Program Director
FBI InfraGard, Los Angeles

FBI Cybersecurity Update

Tom August, CISSP
Co-author, CISO Handbook


Sajid Ahmed
Chief Information & Innovation Officer
MLK Hospital


John Jaymes
Good Samaritan Hospital
Information Security Officer


Managing Business Associate Risks and Expectations

Today, the healthcare industry is facing a perfect storm of risk factors related to its third-party Business Associate relationships, such as:

  • Increased OCR attention and strong financial penalties levied in 2014 for HIPAA data breaches of Protected Health Information. Many of these involved third-party Business Associates.
  • 2013's HIPAA Omnibus Rule has imposed much stricter requirements for HIPAA data breach reporting for both CEs and BAs. Additionally, increased pressure has been placed on covered entities to assess and monitor their third-party Business Associate risks. Further, Business Associates are now being held accountable for compliance with HIPAA security requirements.
  • Increased adoption of both mobile and cloud computing technologies in order to provide improved patient care and lower costs. However, many of these technologies and services are managed and controlled by third parties.
  • An increasing number of reportable HIPAA data breaches at covered entities are being caused by either inadequate third-party security practices or the CE's failure to establish Business Associate Agreements with these third parties.

Please join our panel of distinguished Information Security professionals as they share their experiences, concerns, and best-practice ideas for managing the risks and expectations of Business Associate relationships.