Home

The U.S. Department of Health and Human Services (HHS) presents “Data Privacy in the Digital Age,” a Symposium featuring Latanya Sweeney as a Keynote Speaker and a slate of presenters who are privacy thought leaders from academia, government, and industry.  Panelists will discuss privacy concerns on topics ranging from internet-connected devices and electronic medical records to big data analytics and blockchain technology. Attached please find a list of panels and panelists.

REMOTE ACCESS:       www.HHS.gov/live

Conference attendees will be drawn from privacy professionals across the Federal government, industry, and academia. Additionally, CIPP-, CIPM-, and CIPT-certified individuals will be eligible to receive up to 6 CPE credits for attending the event.

Seating for the event is limited. The event will be live streamed on www.HHS.gov/live. To register for the “Data Privacy in the Digital Age” Symposium, please email [email protected] with your Name, Institutional Affiliation, Email Address, and preference as to in person or remote attendance (we will try to honor preferences for in person attendance, but cannot guarantee availability).

To obtain further information or request a reasonable accommodation, please email:[email protected].

Panel 1. Contemporary Health Privacy Challenges
Leo Beletsky, JD, MPH; Associate Professor of Law and Health Sciences, School of Law &
Bouvé College of Health Sciences, Northeastern University
Presentation: “From Panacea to Panopticon: Privacy and Prescription Drug Monitoring in the
Age of the Opioid Crisis”
Kate Black, JD; Privacy Officer and Corporate Counsel, 23andMe, Inc.
Zerina Curevac, JD; Associate, Squire Patton Boggs
Presentation: “A Framework for Notice and Choice in Online Consumer Genetics”
Sharona Hoffman, JD, LLM, SJD; Professor of Bioethics; Edgar A. Hahn Professor of Law;
Co-Director, Law-Medicine Center; Case Western Reserve University School of Law
Presentation: “The HIPAA Security Rule: Strengths and Vulnerabilities”
Kathryn Montgomery, PhD; Professor and Director of the Communication Studies Division,
School of Communication, American University
Presentation: “Health Wearables: Ensuring Privacy, Security, and Equity in an Emerging
Internet-of-Things Environment”
Panel 2. Privacy, Data Sharing, and Research
Deven McGraw, JD, LLM; Deputy Director for Health Information Privacy, Office for Civil
Rights; Acting Chief Privacy Officer, Office of the National Coordinator for Health Information
Technology; U.S. Department of Health and Human Services
Presentation: TBD
Kirsten Ostherr, PhD, MPH; Gladys Louise Fox Professor of English; Director, Medical
Futures Lab; Rice University
Presentation: “Trust and Privacy in the Ecosystems of User-generated Health and Medical Data”
Ameet Sarpatwari, JD, PhD; Instructor in Medicine at Harvard Medical School; Assistant
Director, Program On Regulation, Therapeutics, And Law (PORTAL)
Presentation: “Data Sharing that Enables Post-approval Drug and Device Research and Protects
Patient Privacy: Best Practice Recommendations”
Alexandra Wood, JD, MPP; Fellow, Berkman Klein Center for Internet & Society, Harvard
University
Presentation: “Elements of a New Ethical Framework for Big Data Research”

Page 2 of 3
Panel 3. Privacy Policy and Regulation
Idris Adjerid, PhD, MBA; Assistant Professor of Management, Mendoza College of Business,
University of Notre Dame
Presentation: “The Impact of Privacy Regulation and Technology Incentives: The Case of
Health Information Exchanges”
Jason Chung, JD, MSc; Senior Research Scholar, Sports and Society, NYU School of
Professional Studies.
Presentation: “Biometric Data Privacy Problems in Sports: Why the United States Needs a
National Privacy Regulator”
Lindsay Gladysz Madejski, JD, CIPP/G; Associate, Booz Allen Hamilton
Presentation: “Privacy and Security Considerations for Evidence Based Policymaking”
Efthimios Parasidis, JD, MBioethics; Associate Professor of Law and Public Health; Faculty
Affiliate, Center for Bioethics and Medical Humanities; The Ohio State University
Presentation: “Ethical and Legal Dimensions of a Risk-based Rubric for Data Privacy”
Panel 4. From Patient to Participant to Specimen to Data: Privacy Across the
Health Lifecycle

Andrew G. Shuman, MD; Assistant Professor, Division of Head and Neck Oncology,

Department of Otolaryngology–Head & Neck Surgery, University Michigan Health System; Co-
Director, Program in Clinical Ethics; Chair, Adult Ethics Committee and Consultation Service;

Center for Bioethics and Social Sciences in Medicine, University of Michigan Medical School;
Chief, ENT Section, Surgery Service, VA Ann Arbor Healthcare System
Presentation: Focusing on patient privacy
Kayte Spector‐Bagdady, JD, MBioethics; Assistant Professor, Department of Obstetrics &
Gynecology; Chief, Research Ethics Service, Center for Bioethics and Social Sciences in
Medicine; University of Michigan Medical School
Presentation: Dignitary Harms and the Privatization of Data
Nicolle Strand, JD, MBioethics; Assistant Professor, Bioethics; Assistant Director for
Research, Center for Bioethics, Urban Health, and Policy; Lewis Katz School of Medicine at
Temple University
Presentation: Focusing on patient privacy interests in shared data

Page 3 of 3

Panel 5. Privacy-preserving Tools, Technologies, and Methodologies
Adrian Gropper, MD; Chief Technology Officer, Patient Privacy Rights Foundation
Presentation: “Blockchain-linked Self-sovereign Technology for Information Sharing”
Abel Kho, MD, MS; Associate Professor, Northwestern University Feinberg School of
Medicine
Presentation: “Pragmatic Real World Applications of Privacy-preserving Record Linkage”
Bradley Malin, PhD; Professor of Biomedical Informatics, Biostatistics, & Computer Science;
Co-Director, Ph.D. Program in Big Biomedical Data Science; Co-Director, Center for Genetic
Privacy and Identity in Community Settings; Co-Director, Health Data Science Center; Director,
Health Information Privacy Laboratory; Vanderbilt University
Presentation: “An Open Source Tool for Game Theoretic Health Data De-identification”

Apart from just showing internally that you are compliant with the law, many companies are also looking for more public ways to confirm that they are meeting their data protection obligations. The GDPR offers various options to do so: adherence to a (sectoral) code of conduct, the development of Binding Corporate Rules or certification.

Article 42 and 43 GDPR allow for the development of certification mechanisms, seals and trust marks to demonstrate compliance with the provisions of the Regulation. In addition, the GDPR offers the possibility to non-EU data controllers, to certify their privacy program to assert they have implemented appropriate safeguards for data protection. This specific certification would allow for data transfers, even when no adequacy decision is in place. Nymity currently has a research project ongoing that looks into the various elements of GDPR certification.

During this webinar, we will look at both past and current certification mechanisms across the world and discuss lessons learned, based on our research project. Next, we will look ahead at what certification mechanisms under the GDPR could look like and why companies should consider to certify their privacy programs or their privacy technology. This will include the question if, and to what extent, Binding Corporate Rules could be regarded as a form of certification. Finally, we will discuss with representatives of the Article 29 Working Party what their guidance on the use of certifications under the GDPR could entail.

Registration Link: https://register.gotowebinar.com/register/4045464301131086849

New TrustArc / IAPP Benchmarking Research on Current Compliance and High Priority Risk Areas

The EU GDPR presents compliance challenges for organizations across the globe. With the compliance clock ticking, companies have to prioritize where to invest their efforts and resources in the run up to potential enforcement actions from May 2018 onwards. TrustArc and the International Association of Privacy Professionals (IAPP) have conducted research benchmarking current compliance and what companies considered the highest priority areas, the risks of non-compliance and what can help – whether outside counsel or technology solutions.

Register now for this webinar to hear first hand:
– Ranking of top GDPR compliance risks from over 500 privacy professionals
– Differing compliance concerns between US and EU-based companies
– Most common steps taken to mitigate compliance risks
– Analysis of the findings from leading privacy experts at IAPP and TrustArc

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar!

Webinar Speakers:

Sam Pfeifle
Content Director, IAPP – International Association of Privacy Professionals

Hilary Wandall
General Counsel & Chief Data Governance Officer, TrustArc

Insights and best practices for managing individual rights under the GDPR. The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability – and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 26th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements? This webinar will provide insights and best practices for managing individual rights under the GDPR. *IAPP CPE credits available* Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar! Webinar Speakers Steve Wright Data Protection & Information Security Officer, John Lewis Partnership Jacqueline Cooney Senior Director Privacy and Cybersecurity, Paul Hastings LLP Janalyn Schreiber Consulting Director, East, TrustArc