Healthcare IT SIG: Protecting Personal Health Information Under the New HIPAA Omnibus Rule



  • Online registration is now closed. You may register at the door. Thank you!

    Note - Please arrive by 7:00 PM, since doors lock and meeting starts promptly.

    According to the U.S. Department of Health and Human Services, “The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.”

    "The Omnibus rule became effective on March 26, 2013; impacted vendors have six months from that date to become compliant with the new standards. Vendors can also continue to operate under existing agreements – as long as they are HITECH compliant – until March 26, 2014. But it’s clear that this new ruling will force many vendors to transform both their agreements and their compliance practices. Smart vendors will begin adapting now."

    Our panelists will discuss the implications of the new HIPAA rule for healthcare startups, especially with respect to "Business Associate Agreements." Additional topics that will be addressed include some privacy and security aspects of “Bring Your Own Device,” which refers to clinicians and administrators using personally-owned smart phones, tablets, and computers to access healthcare organization IT resources like email or Electronic Medical Records, and Mobile Application Development. Note that there are also implications for the way healthcare providers need to "…easily and securely exchange patient health information … to meet Stage 2 Meaningful Use [health information] exchange requirements and overall care coordination needs."


    Christine Sublett, President, Sublett Consulting, LLC 
    Sublett Consulting specializes in assisting healthcare and technology companies with security, privacy, compliance, audit, and risk management issues. Previously, she served as Vice President Security, Risk Management and Compliance for StayWell Health Management, a population health management solution, where she directed all aspects of security, risk, and compliance. She served in the same role for LifeMasters Supported SelfCare, prior to its acquisition by StayWell. In her additional role of VP, Information Technology, she led the integration between the two companies’ IT departments. Prior to this, she served as the Chief Information Security Officer at Lucile Packard Children’s Hospital at Stanford, where she built and managed the information security department. 

    Christine’s career has spanned the healthcare, technology, and biotech industries, in start-up and established companies, with a variety of executive leadership positions in security, compliance, risk management, privacy, and information technology. 

    Christine has presented on security and privacy issues at a number of conferences, including the Up Cloud Computing Conference. She teaches and advises on security and privacy issues at Draper University, and in the University of California, Santa Cruz extension program on Data Privacy and Security for Healthcare and Biosciences. She also serves on the El Camino Hospital Board of Directors’ Privacy, Compliance and Audit committee.

    Jeffrey L. Brandt, BSCS, GC-BMI, CTO of pHmHealth, a.k.a. "Mad Mobile Scientist"
    Jeff's career started in mobile telecom and Location Based technologies, transitioning to online financial services (ePayment) as Senior Software Engineer at CyberCash (sold to Verisign). One of Jeff's startups developed a single-sign-on Enterprise Service Bus in 2002. The advent of the iPhone and Jeff's graduate work at OHSU in Medical Informatics led him to develop the first secure Personal Health Record (PHR) for the iPhone and Android.

    Jeff is one of the authors of "mHealth: From Smartphones to Smart Systems," a HIMSS publication, and most recently served as Author and Editor of the mHIMSS Roadmap on Privacy and Security, Interoperability and Standards. Jeff was a speaker at HIMSS12 and HIMSS13 on Privacy, Security and Interoperability and Standards. Jeff is also a member of the HL7 Mobile Health Task Force and co-chair of the mHIMSS mHealth Interoperability and Standards workgroup. Jeff recently started a Meetup: mHIMSS Bay Area.


    6:30 - 7:00 p.m. Registration / Networking / Refreshments

    7:00 - 7:15 p.m. Announcements and Introductions

    7:15 - 8:15 p.m. Presentations and Discussion

    8:15 - 8:45 p.m. Wrap-up / Networking

    (we must vacate the building by 9:00 to avoid triggering the security system)