Boston, 2018 x2, MA
Oct. 15-16, 2018

Jane Harper

Director Privacy & Security Risk Management
Henry Ford Health System

Jane Harper has over 18 years of risk, compliance, audit and security experience. Throughout her career she has established and supported, security, compliance audit and risk functions for various types and sizes of organizations. Jane also has a  strong  technical background having been a network administrator and IT leader. She also has experience implementing controls unique to healthcare and financial services, two of the more heavily regulated entities having spent over 10 years on both the provider, and insurer side of healthcare and six years on the operations and consulting side of financial services.  

Jane's career includes developing the strategy, designing the solution, implementing and maintaining various risk, compliance, audit and security programs and practices domestically and internationally. She has interfaced with various levels and types of regulators, acquiring banks and key customer organizations for various programs including HIPAA privacy and security compliance, meaningful use, PCI, NACHA, PIPEDA, UK Data Protection Act, Basel 2 and 3, DIFS, FFIEC Security, CMS compliance and solvency risk management requirements to name a few.

She has published on compliance and risk management, been cited and interviewed by industry publications like Information Week and Detroit Crain's Business. Her quantitative statistical analysis work was used as a student supplement to the McGraw-Hill Visual Statistics book.  

October 15, 2018
3:30pm - 4:10pm
America Ballroom

Welcome to the Think Tank!

This highly interactive and fun session leverages the audiences’ collective experience to drive greater value and takeaways. It works like this: For the first 10 minutes, each table discusses individual roadblocks and challenges with 3rd party risk management. Then a designated attendee from each table takes the floor microphone and asks our panel of experts a key question from the table discussion. The goal here is to cater to specific interests of attendees to provide the most pertinent and valuable information possible.

More and more, breach and enforcement activities against covered entities result from the actions or in-actions of third party partners. Poor engagement, oversight, monitoring and dis-engagement often leaves covered entities responsible for all of the risk, fees, and reputational fall out.

In this session, get your questions answered and learn best practices to mitigate 3rd party risk.

October 15, 2018
2:20pm - 3:00pm
St. George A/B

If you are worried about insider threats, you should be.The Ponemon Institute reported this year that insider threats now account for 87% of all cyber incidents: 64% from privileged user negligence, 23% perpetrated by malicious insiders.

In other words, education at many organizations has failed – as have perimeter defenses, rendered ineffective against increasing sophisticated attacks.

In this session, a leading healthcare attorney draws on security research to show that to reduce insider threats, rather than rely on technology, healthcare organizations must change their mindset and focus more on people and process – and view employees as threat vectors and not innocent victims of cybercrime.

Attorney Barry Herrin discuss six “Big Decisions” organizations must make to mitigate this weakest link. These include:

  • Cutting the cord to social networking and personal email accounts.
  • Treating access as a privilege, not a right.
  • Deciding when to shift from education to punishment.

Barry will then moderate a group discussion with a healthcare risk-management leader and share best practices to help attendees shore up and button down their approach to mitigating insider threats.

Get Updates

Sign up to get the latest information on upcoming events.