Resource Library

While appearances may suggest that enterprise risk management (ERM) and governance risk and compliance (GRC) aim to solve for the same problems, they are arguably separate processes with different approaches and objectives. This session will review the differences between ERM and GRC approaches and assessments, and reveal how to identify which may be best suited to align with your company’s compliance program.

Review various types of business insurance including D&O, E&O and special lines of coverage. Learn to understand standard policy clauses, insurers' interpretation of those clauses and practical steps you can take to maximize your company's insurance recoveries.

We have all heard about big data breaches: millions of customer records at risk, credit monitoring for an extended period of time, etc. What about the smaller run-of-the-mill security or privacy breaches? Can we prevent them? Do we have to report them? How do you set up incident response reporting? How do you do a security risk assessment to mitigate your risks?

Breaches of patient privacy/security are considered the number one risk for liability in the healthcare industry today. Control over patient information in today’s society is becoming ever increasingly difficult with the expanding use of electronic health records, personal health records and social media, plus the advent of Health Information Exchanges. Outsourcing of healthcare operations provides additional risk, especially the enforceability of patient privacy/security law when patient information is sent outside the US. Unfavorable media, government enforcement, class action litigation and identity theft all pose a constant concern to in-house counsel, and vendors themselves are now at greater risk of liability with penalties now imposed on business associates. This panel will provide an overview of the principal federal laws & regulations concerning privacy/security (HIPAA/HITECH/Red Flags), their interaction with select state laws, international laws (EU Data Protection), and practical ways to minimize risk and keep patient information private and secure.