PROGRAM
7:45-8:45
8:45-9:00
9:00-10:15
10:15-10:45
10:45–12:00
12:00–1:00
1:00-2:15
2:15-2:30
Registration & Continental
Breakfast
Welcome & Introductions-
President Greg Margrett
Keynote– Byron Franz, FBI
Milwaukee
BreakA chance to visit with our Exhibitors
Breakout Sessions Group 1-
Privacy/Security or EDI
LunchNetworking with fellow attendees
Breakout Sessions Group 2 -
Privacy, Security or EDI
BreakA chance to visit with our Exhibitors
Privacy, Security or EDI
:
For reservations made by
Thursday evening is $89 *
1350 Royale Mile Rd.
Friday, March 20th, the room rate for
Oconomowoc, WI 53066
Directions:
Take I94 to
(After that date, availability
& rate can’t be guaranteed).
Exit #282 (Hwy 67).
Go north on Hwy 67 for 1.5
Make Reservations by:
Phone:
Call Olympia directly at miles. Olympia Resort will be on the left.
1(262)369-4999.
Then request a room in the
HIPAA COW Block. or
Online : HERE
Then enter Promo code
HIPAA
*Rates are subject to state and local taxes. *$89 rate also available Wednesday and Friday.
Our Spring Conference will Feature:
 Convenient online registration
with the ability to pay via check or Pay Pal.
 Continued low registration rates of $125 for Early Bird (deadline
March 20) and $150 thereafter.
 Very affordable hotel room rate of $89.
 Convenient location between
Madison and Milwaukee on I94.
 Breakout sessions that will cover
Privacy, Security & EDI topics.
Credits!!
View approval HERE.
Questions? admin2@hipaacow.org or (651)340-6426
General Wisconsin CLE
Our website has materials specifically designed to pro-
Continuing Legal vide an introduction to HIPAA basics. These materials may be especially beneficial to individuals new to
Education (CLE) Credits:
This entire program has
HIPAA. If you have a limited understanding of HIPAA, we recommend you view these prior to attending our been approved for 4.0 resources page: http://hipaacow.org/resources.
We thank them for their support!
In an effort to reflect the environmental changes going on around us, session handouts will no longer be printed but they will be made available prior to the conference so attendees can download the handouts to their mobile devices or print their own handouts should they choose to do so.
An email with a link to the handouts will be sent to all registered attendees a few days prior to the event.

Keynote Session Insider and Cyber Threats to
Healthcare
This session will describe the massive ongoing threat to U.S. businesses and academic institutions from malicious computer intrusions, cyber attacks, and the theft of “trade secrets,” those nuggets of intellectual property that drive innovation and business activity. Recent federal prosecutions in the State of
Wisconsin will be used as examples, with two of these directly affecting the healthcare industry. The growing threat posed by illegal access to Internet-connected medical devices will be discussed. Mitigations to these threats will be suggested along with the role of the FBI in helping organizations defend against them.
Byron Franz, Special Agent, FBI Milwaukee
Byron Franz is a Special Agent with the Federal Bureau of Investigation (FBI) and has worked national security investigations for over 17 years. Earlier in his career, he served as an
FBI SWAT Team operator and led the investigation of an Indiana man who was convicted of working as an agent of Saddam
Hussein’s intelligence service. Special Agent Franz currently serves as the Coordinator for the FBI’s Strategic Partnerships and InfraGard programs in the State of Wisconsin, where it is his responsibility to foster public-private partnerships between government agencies, universities, and corporations, including
Wisconsin’s healthcare providers, to better safeguard those organizations against computer intrusions and economic espionage. Special Agent Franz was educated in Wisconsin, having received his B.A. (Russian and International Relations) and law degree from the University of Wisconsin-Madison, and being a graduate of St. Francis High School.
Security): Privacy Training:
Tips, Tricks and Case Studies
In this session:
1. Attendees will learn how to:
 Explain the laws non-legalistically
 Give actionable and pragmatic privacy examples and instructions
 Empower, motivate and scare (just a little) a diverse health care audience
2. A variety of Case Studies will be provided
Daniel Weissburg, University of WI Hospital and
Clinics
Dan Weissburg has been the Compliance and Privacy Officer at
University of Wisconsin Hospital and Clinics (UWHC) in Madison since 2007. Included among his responsibilities at UWHC are directing the Privacy/Security Breach Investigation Team and leading “snoop”, “blab” and “mix-up” investigations. Dan lectures before and educates thousands of employees on privacy issues each year. He has practiced healthcare law for 24 years, previously with firms in Washington DC and Chicago. He is widely published and was previously the Editor-in-Chief of the CCH
Healthcare Compliance Portfolio. Dan's law degree is from
George Mason University School of Law, and he earned a BA in
Political Science and History from UW-Madison, where he was president of the Order of Omega.
He lives in Middleton with his wife, has two sons in college, and spends his free time spoiling his Labradoodle, Wrigley.
Session 102(EDI): The HIPAA-mandated CAQH
CORE Operating Rules – What’s on the Horizon?
This session will provide a high level overview of the third set of the ACA required operating rules currently in development by
CAQH CORE as Phase IV CAQH CORE Operating Rules. These
Operating Rules will address the remaining HIPAA-mandated ASC
X12N specifications for claims (837), health care services review aka prior authorization (278), benefit enrollment and maintenance
(834) and health plan premium payment (820). A special focus will be on the draft Phase IV Connectivity and Claim Infrastructure rules which will be completing the CAQH CORE rule development and approval process in Q1 2015. Given that these draft
Phase IV CAQH CORE Operating Rules build upon and extend requirements from the Phase I, II and III CAQH CORE Operating
Rules for eligibility, claim status, EFT and ERA, which have already been mandated by ACA, the session will provide a brief review of the industry’s implementation challenges and learnings.
Rachel Foerster, Rachel Foerster & Associates, Ltd
Rachel Foerster is the CEO of Rachel Foerster & Associates, Ltd. in Beach Park, Illinois, an independent consulting practice founded by her in 1993, dedicated to assisting the health care industry with the transition to Electronic Commerce. She is also a Senior
Consultant with Boundary Information Group headquartered in
Denver. Rachel is a key consultant for CAQH CORE ® , providing subject matter expertise and staff support since its launch in
2004. In this role she has represented CAQH CORE in several important health care health information technology efforts .
Rachel is well known within the health care EDI arena due to her leadership positions in several industry organizations, including over 20 years designing, developing and implementing a variety of proprietary and standards-based EDI systems to support hospitals, distributors, manufacturers and other organizations for online, batch and interactive electronic information exchange. Specific areas of focus included HIPAA, materials management and financial EDI implementations.
Cancellation Policy: HIPAA COW reserves the right to substitute faculty or cancel or reschedule programs due to low enrollment or other unforeseen events. If, for any reason, HIPAA COW must cancel this program, registrants will receive a full refund of the registration fee (or a credit to be used for a future HIPAA COW event). Should you be unable to attend, a refund, less a $25 processing fee, will be given for cancellations received 72 hours prior to the event. There will be no refund given if notice is given less than 72 hours prior (even if weather related). Substitutions can be made anytime before the start of the event.

HIPAA Harmonization - One
Year Later
It’s been a year since Wisconsin harmonized the State’s mental health privacy laws with HIPAA. Since then, healthcare providers have been working to change internal policies related to the privacy of mental health records. This session will focus on:
 The benefits: greater continuity of care between mental health providers and primary care providers
 The barriers: changing providers understanding of confidentiality requirements, addressing patient expectations, and EMR challenges.
Sarah Coyne will provide a legal overview. Nancy Schallert, Executive Director of Compliance at Froedtert Health, and Kirk Yauchler, Manager of Behavioral Health at ProHealth Care, will discuss the logistical aspects of implementing the new law.
Sarah Coyne, Quarles & Brady, LLP
Sarah Coyne is national chair of the health law group at Quarles
& Brady LLP, and has an active practice advising hospitals on all regulatory issues with a focus on health information issues. Sarah was named Health Law Attorney of the Year for 2011 by the
Wisconsin Bar Association. She holds a Martindale-Hubbell AV
Peer Review rating, has been listed in The Best Lawyers in
America every year since 2009, was selected as a 2013 Leader in the Law by the Wisconsin Law Journal and this year was named as a SuperLawyer in health law. She teaches a Health
Law class at the University of Wisconsin Law School.
Nancy Schallert, Froedtert Health
Nancy Schallert is currently the Executive Director of Corporate
Compliance and Internal Audit for Froedtert Health. She has more than 20 years of experience in healthcare serving in a variety of roles in different healthcare settings, including health information management, revenue cycle consulting, information technology consulting, JCAHO preparation, privacy, regulatory compliance, research compliance, and internal audit.
Kirk Yauchler, ProHealth Care
Kirk Yauchler has worked in hospital and clinic-based behavioral health services since 2000, and has managed behavioral health operations for the past 3 years. He has been with ProHealth
Care since 2006, and currently oversees the Outpatient and Assessment & Referral behavioral health departments. Over the past year he has participated in the WI Epic User Group’s webinar discussions on the topic of HIPAA Harmonization, as well as
PHC’s internal workgroup on implementing HIPAA Harmonization.
Session 202(Security): Audit Logging Panel
Who wants to do a privacy/security audit? The answer of course is that no one ever wants to but sometimes we have to. We will present some case studies and suggest what is needed, what is useful, and what is not. IT Staff needs to work with privacy and compliance staff to provide the detail needed to protect our patients. Audits can also involve legal staff in case a violation has taken place. As a panel, we will share ideas on how this cooperation can happen. (Cont’d next column)
Moderator: Jim Sehloff, CareTech Solutions
Jim Sehloff currently serves as the Security Officer for Care-
Tech Solutions at Holy Family Memorial Health in Manitowoc,
Wisconsin, and has been involved with HIPAA security since the advent of the security rules. In his role, Jim oversees both privacy and compliance audits for Holy Family, including “reactive” audits performed following patient requests as well as
“proactive” audits to ensure HIPAA compliance.
He has been actively involved with HIPAA COW for many years, including serving as a co-chair of the Security Networking Group.
Panelists: Bob Bennett, NaviLogic
Bob Bennett has over 20 years of experience in IT, Information
Security and Risk management; the last 13 years primarily leading risk management and assurance programs in medical device industries and consulting to healthcare and related industries. In 2013 his security and audit program won a GRC Value
Award, where the audit program component alone directly saved his organization nearly $1 million per year. He is currently a cofounder of NaviLogic, responsible for consulting services delivery and development; with many long-term healthcare service and healthcare-related clients. Mr. Bennett has a bachelor’s degree in electrical engineering from the University of Minnesota.
Brian Blanchette, SVA Healthcare Services
Brian Blanchette is the Risk Management and Governance Regulatory Compliance (GRC) Senior Consultant for SVA Consulting,
LLC, an affiliate of SVA Certified Public Accountants, S.C. With over 20 years of experience in IT security, compliance and risk management, Brian has a record of unceasing accomplishment as a senior advisor and consultant and has experience working with the HIPAA Security and Privacy regulations from a hands-on corporate stand point as well as an auditing/consulting basis. He routinely provides thought leadership concerning compliance, risk management and information security to clients in the healthcare and insurance business sectors.
Lee Kadel, Wheaton Franciscan Healthcare
Lee Kadel has worked in the IT field for over 25 years, including the last 12 years as an Information Security Analyst for
Wheaton Franciscan Healthcare. He holds, or has held, multiple industry certifications including MCSE, CCSA, CCA, NTCIP,
GSEC, and GHSC. He also has two Masters Degrees – a Master of
Science in Management of Technology, and a Master of Science in Executive Business Administration. Lee is an active member of several industry organizations including the FBI InfraGard program , the Curriculum Advisory Board for Milwaukee Area Technical College, and the Collegiate Cyber-Defense Competition. Lee serves on the HIPAA COW Board of Directors, the HIPAA COW
Security networking group, and is a co-founder and co-chair of the HIPAA COW Risk Management networking group.
Sarah Kleaveland-Kupczak, Wheaton Franciscan
Sarah Kleaveland-Kupczak is the Vice President of Corporate
Compliance for the Wheaton Franciscan Healthcare system. In that role, she is responsible for the patient privacy and security program for multiple hospitals, physician practices, home health, hospice, skilled nursing facilities and durable medical equipment companies across three states. Sarah has been in healthcare compliance in various capacities for nearly 20 years-often focusing on the use of data analytics in compliance and privacy investigations. She has worked for several health care systems and a
CMS fiscal intermediary. In a prior life, she practiced law.

Session 203(EDI):Operating Rules Pain Points & YOU
Review the differences between the phase 4 Operating Rules and the first 3 phases from Rachel Foerster, then join in a discussion on the pain points with phases 1, 2, and 3 being felt on the provider and payer sides. Audience members will learn from others in attendance what they have done to get past those pain points. Feedback will be solicited in the session, and via surveys to HIPAA COW networking group members and conference attendees prior to the conference.
Rachel Foerster, Rachel Foerster & Associates, Ltd
See bio from Session 102.
Release of Information –
Managing Disclosure of PHI
This session will review how to approach and analyze release of information requests and scenarios in accordance with HIPAA and state law. Presenters will discuss disclosure scenarios and various common disclosure situations including subpoenas and court orders.
Presenters will review patient requests for release of information under HIPAA and State Law including a discussion of electronic format requests, requests to transmit PHI, and applying copy fees in an electronic environment.
Amy Derlink, Iod Incorporated
Amy Derlink graduated from the University of Pittsburgh with a degree in Health Information Management. She started as a coder before joining IOD in 1995 as an Operations Manager then was promoted to Privacy Officer in 2004. Amy became a Certified HIPAA
Administrator in November, 2012.
Amy remains on the forefront of state and federal laws governing
HIPAA Privacy and Security of Health information and communicates regulatory changes to the company. Amy hosts regular webinars on topics such as Meaningful Use, HITECH and other regulatory updates and contributes to a HIPAA blog. Additionally, Amy travels to national, state and regional association conventions and meetings to speak on HIM-related issues. Most recently she presented on the Impact of OCR Audits at the 2013 AHIMA National Conference in Atlanta, GA and has won the 2014 Forst and Sullivan CIO
Impact Award for meeting Data and Network Resilience with Innovative technology in the privacy of Health Information.
Peg Schmidt, Aurora Healthcare
Peg Schmidt is the Chief Privacy Officer for Aurora Health Care.
In that role Peg is responsible for the Privacy Compliance program across the entire integrated health system that includes 30,000+ employees and 15 hospital campuses, 172 clinic sites, and 70+ community pharmacies in more than 90 communities throughout eastern
Wisconsin and northern Illinois. Peg’s professional background is in
Health Information Management as an RHIA and holds additional credentials as Certified in Healthcare Privacy and Security. Peg is currently a member of the AHIMA Privacy and Security Council.
She is active as a conference speaker on various topics including
HIPAA Privacy and Release of Information.
Fall: October 23, 2015: Wilderness Resort, WI Dells
Mega Healthcare Conference: January 20-22, 2016:
Kalahari Resort, WI Dells
Session 302(Security): Information Security
Roundtable
One of the extraordinary benefits of attending the HIPAA
COW Conference is the caliber of healthcare security talent within our own membership. Do you have a problem that you would like other opinions on? Have you implemented something recently that is so awesome that you would like to share the success with others? We will discuss any security concerns you may have, from mobile, cloud, social media, big data, APTs, recent attacks, new products on the market, trends in cybersecurity, or whatever your current issue is!
Todd Fitzgerald, Grant Thornton International
Todd Fitzgerald is the Global Director of Information Security for Grant Thornton International, Ltd. providing strategic information security leadership for Grant Thornton member firms supporting 38,500 employees in 126 countries. Todd has been leading information security programs for 17 years and is ranked as a 2013 Top 50 Information Security Executive, named as a 2013 Distinguished Fellow by the Ponemon Institute, authored the 2012 book, Information Security Governance Simplified: From the Boardroom to the Keyboard , and coauthored the ISC2 Book CISO Leadership: Essential Principles for Success . Todd most recently co-authored the 2014 Certified Chief Information Security Officer (CCISO) Body of
Knowledge , serves as the CCISO online instructor, and is a past finalist of the ISE Security Executive of the Year award. He earned a MBA from Oklahoma State University and a B.S. degree from the University of Wisconsin-La Crosse, where he is a current advisor to the college of business administration.
Session 303(EDI): How Can We Get This To
Work?!?!
Join others in discussing issues and challenges they are experiencing with their EDI transactions and processes. Moderator
Greg Margrett will facilitate a discussion to help all those in attendance discover best practices and resolution to various
EDI transaction issues. Feedback on issues will be solicited in the session, and via surveys to HIPAA COW networking group members and conference attendees prior to the conference.
Greg Margrett, Passport/Experian
Greg Margrett has held a variety of roles in healthcare IT over the past 15+ years, and is currently Director of Implementation
-Claims for Passport/Experian, a revenue cycle management company headquartered in Chicago and Franklin, TN.
Prior to joining Passport, Greg served on the product management team at Optum/Ingenix where he worked on HIE (health information exchange) products, Direct secure messaging platforms, a workers’ compensation clearinghouse, and the
Netwerkes group medical clearinghouse.
In addition, Greg served as the Director for Payer and Channel
Partner Services at Netwerkes prior to its acquisition by Ingenix, as a payer account manager at Payerpath/Misys, and as the
HIPAA/Clearinghouse Project Manager for Passport Health and Proservices.
Greg currently serves as president of HIPAA COW having served on its Board of Directors since 2007, and has been a presenter at HIPAA COW conferences and webinars as well as at regional and national industry functions (WEDI, AFEHCT,
AHIP) related to HIPAA and revenue cycle management.