Gabriel L. Imperato | Nelson Mullins Riley & Scarborough LLP

Gabriel’s personal practice includes representing individuals and organizations accused of healthcare fraud and assisting and advising healthcare organizations on corporate governance and compliance matters. Gabriel is board certified as a specialist in Health Law by the Florida Bar. He is also certified in Health Care Compliance (CHC) by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association (SCCE/HCCA). This national accreditation reflects a professional level of competence and experience in compliance processes sufficient to assist healthcare business organizations to understand and address legal obligations and to promote organizational governance and integrity through the operation of effective compliance programs. Gabriel served as Interim General Counsel of the North Broward Hospital District, the tenth largest health system in the United States. He was also the Deputy Chief Counsel for the United States Department of Health and Human Services’ Office of the General Counsel in Dallas. He has served as a longtime member of the Board of Directors and Past President of the SCCE/HCCA.

Gabriel has criminal and civil trial and appellate experience in federal and state courts and administrative forums, and he has personally handled leading national cases concerning criminal and civil healthcare fraud and abuse and healthcare law and policy. He has vast experience in the defense of allegations involving the False Claims Act against health care organizations and has litigated and settled many of these cases with the Department of Justice and the Office of Counsel to the Inspector General, as well as State Medicaid Fraud Control Units.

Gabriel has also handled numerous matters involving the formation of integrated delivery systems and managed care organizations. Gabriel is considered a national leader in healthcare fraud, abuse, and compliance as well as healthcare reform matters. He lectures and publishes numerous articles on these subjects.

Henry Ortiz | BorderHawk, LLC

Henry Ortiz, Esq is a licensed attorney in Florida, who has over 20 years of experience advising executives, boards, and legal teams on technology solutions. He focuses on translating technical requirements into practical cyber risk-management strategies including cybersecurity, data privacy, NIST, CMMC, and HIPAA Security Rule compliance. Henry regularly delivers executive-level briefings and is recognized for bridging legal, regulatory, and technical perspectives in highly regulated environments. Henry provides clear insight into how technology decisions, security controls, and operational failures translate into legal liability, enforcement risk, and governance obligations, equipping counsel to more effectively advise clients on cyber risk management in healthcare and other regulated industries.

Jay Harmond | BorderHawk, LLC

Jay is an experienced cyber risk compliance executive with several years of service as a Chief Information Security Officer (CISO), advising healthcare organizations, hospitals, telecommunications providers, and public-sector entities on cyber risk management, regulatory compliance, and governance. The presenter has worked extensively with rural and critical-infrastructure organizations, helping them navigate complex security and compliance challenges in highly regulated environments.

BorderHawk delivers strategic Information Risk and Security Compliance services to safeguard information and information systems, especially where confidentiality, integrity, availability, or non-repudiation is paramount. These measures incorporate protection, detection, response, and correction capabilities for industries, including critical infrastructure, such as Communications, Defense Industrial Base, Healthcare, Oil and Gas, Transportation, Manufacturing, Local Government, Data Centers, Law Practices.

Session I – Data as an Asset and a Liability: Legal Risk, Governance, and Compliance | 1:00pm – 2:00pm

• Data is the asset… and the liability
  • Why data (PII, PHI, trade secrets, client lists, executive communications) is often a company’s most valuable and dangerous—asset
  • Data ownership: Who owns the data? Consent? Profiting from PII?
  • Technology as a regulatory risk driver in modern businesses
  • How technology infrastructure creates legal exposure across industries
• The role of counsel
  • Data privacy & cybersecurity as a governance
  • False claims act, whistle blowers, and compliance
  • Discovery in lawsuits for data privacy or cyber breach matters
  • HIPAA is federal law, and there are state laws as well for managing PHI
  • Advising executives and boards on cyber risk
  • Ethical and professional responsibility considerations for attorneys advising on technology use
• Vendor risk management
  • Third-party vendors, MSPs, remote workers, and data processors
  • Emerging technologies
  • Regulatory uncertainty and evolving enforcement trends
• Frameworks that make compliance possible
  • Why managing cyber risk without a framework creates blind spots
  • When data handling becomes regulated (either a legal obligation, or a contractual obligation)
    1. Children’s Online Privacy Protection rule (“COPPA”)
    2. Nist as a roadmap for data GRC
    3. CMMC and contracts law
    4. HIPAA as enforceable federal law, not a guidance
       a. Who is covered: Healthcare entities, business associates, and downstream vendors
  • Inside the HIPAA security rule
    1. Evaluating operational, compliance, and governance risks tied to IT systems
    2. Administrative, physical, and technical safeguards explained in plain technical terms
    3. “Required vs. Addressable” controls and how that plays out in real systems
    4. What happens when security fails
    5. Breach of contract, FTC enforcement, false claims act exposure, and negligence claims
    6. Ransomware, outages, and vendor breaches as predictable failure patterns
    7. Data classification, retention, and destruction policies as compliance tools
    8. Incident response planning and breach readiness
  • From theory to practice
    1. Practical recommendations attorneys should understand when advising clients

Break | 2:00pm – 2:10pm

Session II – The Foundations of Health Care Compliance and Risk | 2:10pm – 3:10pm

• The basic prohibitions and exceptions and unique features of the Stark law
• The scope of the Federal Anti-Kickback Statute and the Eliminating Kickbacks in Recovery Act and the relationship between these statutes
• The United States False Claims Act and its basic prohibitions, the whistleblower provisions and the significant fines and penalties and its relationship to health care fraud enforcement and compliance
• The most frequent and recurring enforcement and compliance risks in the health care industry