Marti Arvin, JD, CHC-F, CHPC, CCEP-F, CHRC
VP Audit Strategy, CynergisTek
Marti is a nationally known expert who speaks frequently on privacy and information security. She has over 27 years of healthcare experience and worked for over 18 years in the privacy and information security arena with four academic medical centers. She has work with IRBs and researchers on privacy and information security issues in research. She also has experience in working with OCR on investigations and handling an OCR Resolution Agreement. She has handled responding large data breaches. She holds the CHC-F, CHPC, CCEP-F and CHRC certifications and is an attorney.
CEO, CORL Technologies
Cliff is an industry leader in healthcare information technology, privacy and security, and has over 20 years of industry experience. He is a sought after contributor and speaker for various health IT and information risk management forums, the lead author of the HITRUST Common Security Framework, and author of various IT Risk Management publications. Prior to forming CORL Technologies, Cliff was the Chief Strategy Officer for HITRUST and also led PricewaterhouseCoopers’ healthcare security practice.
Vigilant, Senior Manager, Deloitte and Touche
Jim is a senior manager in the Vigilant by Deloitte Cyber Risk Management group specializing in the area of developing and running advanced security managed services. He has over 18 years of experience in Information Technology in Fortune 500 companies, with 15 years of management experience, and has primarily been focused on enterprise risk and security. He has specialized in managing teams handling all aspects of security policy and operations, including security operations centers, penetration testing, incident response, e-discovery and forensics teams. Jim also has a background in managing engineering and architecture teams in security.
David Behinfar, LLM
Chief Privacy Officer, UNC Health Care
David is a healthcare Compliance attorney with more than 20 years of experience in information privacy in healthcare compliance. He spent 14 years working in the privacy offices of prominent universities and academic medical centers including the University of Florida, Stanford University and the University of Wisconsin-Madison. David has a an LLM in Health law as well as multiple professional certifications in corporate compliance and ethics, information privacy and security and healthcare research compliance.
Jeff Bell, CISSP, GSLC, CPHIMS
Chief Information Security Officer, CareTech Solutions
Jeff has more than 29 years of experience in healthcare IT and cybersecurity. He previously held IT management and leadership positions with the Detroit Medical Center, the Visiting Nurse Association of Southeast Michigan, and was most recently a manager in the cybersecurity and privacy practice at PwC. He has the following certifications: CISSP, GSLC and CPHIMS.
Holly Benton, JD, CHPC
Associate Compliance Officer for Privacy, Duke University
Prior to joining Duke, Holly served as Interim Chief Privacy Officer at UNC Chapel Hill, Contract Counsel for T-Mobile, and as an attorney. She earned her JD from the University of Washington School of Law and holds CHPC certification.
Michael Berwanger, JD
Director of Quality Management & Compliance, MedCost
Prior to joining MedCost, Michael served as Compliance Manager for Cornerstone Health Care. He earned his law degree from New England School of Law in Boston.
Tim Burris, HCISPP
Product Manager, Iatric Systems
Tim Burris is the product manager for Iatric’s Patient Privacy Solutions, which includes Security Audit Manager, Auditor’s Desktop, and Partner Risk Manager. He has worked on some of the company’s largest Security Audit Manager implementations. Tim gained his background in Privacy and Information Security while working for Houston Healthcare in Georgia.
Robert Califf, MD
Professor, Duke University School of Medicine
Dr. Califf served as Commissioner of the Food and Drug Administration from February 2016 to January 2017. Prior to joining the FDA, he was a professor of medicine and vice chancellor for clinical and translational research at Duke University. He also served as director of the Duke Translational Medicine Institute and founding director of the Duke Clinical Research Institute. He is a member of the National Academy of Medicine and earned his medical degree from Duke University School of Medicine.
Gary Daemer, MSSE
Gary founded InfusionPoints nine years ago to assist his clients to improve their security posture. He has also led multiple security teams in several government consulting organizations. He worked in industry as a Program Manager, Security Architect, and Security Engineer. He led many security efforts for small to midsize business, telecommunications, healthcare, banking, and insurance industries. His teams have built, defended and tested, multiple enterprise business environments over the years. He has a MSSE from Virginia Tech and holds several Industry Certifications as well.
Joseph Dickinson, JD
Counsel, Tucker Ellis LLP
Joseph has more than 25 years of business and legal experience representing and advising corporations and senior leadership nationally and internationally. Joe has broad experience in the areas of data privacy and security, data breach litigation, intellectual property litigation, and technology licensing. He earned his JD from Cleveland-Marshall College of Law.
Ryan Dobbins, GSLC
Director, Managed Services, infoLock Technologies
Ryan has more than 15 years of experience in the information security field. Prior to joining infoLock, he was responsible for the development and everyday management of the information security program at a multi-billion dollar healthcare enterprise. His areas of expertise include threat protection,data loss prevention,and governance risk and compliance. He is active in the GRC community and holds the GSLC from SANS.
Colleen Ebel, MBA
Chief Information Security Officer, UNC Health Care
Colleen has 20 years of experience in health care IT in academic medical centers, 15 of which have been managing information security functions. Prior to joining UNC Health Care in 2012, Colleen served as IT Director and CISO for the University of Florida’s Health Science Center and as IT Director and HIPAA Security coordinator at the University of Michigan Health System.
Lori Feezor, JD
General Counsel & VP Legal Affairs, New Hanover Regional Medical Center
Lori previously served as Associate Vice President and Chief Compliance Officer at Duke University Health System, as adjunct faculty at East Carolina University for several years where she taught health law, and directed the risk management program at the University of California-Davis Medical Center. She writes and edits the NC Patient and Provider Rights Guide, a resource manual produced by the NC Hospital Association.
David Finkelstein, JD
Director of Information Security, St. Luke’s University Health Network
David is a Signal Officer with the U.S. Army. Prior to joining St. Luke’s, David served as Supervisory IT Specialist for the Department of Veterans Affairs and as Communications & Information Security Officer for the U.S. Army. He earned his law degree from Widener University School of Law.
Kevin Fu, PhD
Co-founder & CEO, Virta Laboratories
Kevin co-founded Virta Laboratories in 2016. He also serves as Associate Professor at the University of Michigan. Prior to this, he was Associate Professor at UMass Amherst. He served on the Advisory Board of Samsung and on the NIST Information Security and Privacy Advisory Board. He earned his PhD in Electrical Engineering and Computer Science from MIT.
Katherine Georger, JD, CHC, CHRC, CIPP/US
HIPAA Privacy Officer, University of Arizona
Prior to joining UA, Katherine was a Privacy Officer and Director of Regulatory Services for WPS Health Solutions and also served as the Privacy Program Manager for Stanford University’s covered-entity components. She spent more than five years working as an associate attorney in private practice counseling clients on a variety of health care transactional and regulatory compliance matters. She earned her JD from Gonzaga Law School and holds CHC, CHRC and CIPP/US certifications.
Kurt Griggs, MS, CRISC, CISA
Internal Audit Manager, Mayo Clinic
Kurt leads and directs the organization’s internal audit department and manages the organization’s overall IT/IS audit program. He has over 20 years of experience working in both the public and private sectors. He holds an MS in Information Assurance with an emphasis in Cybersecurity, and CRISC and CISA certification.
Vishal Gupta, MS, MBA
General Manager, End-Point & CCS, Symantec
Prior to joining Symantec, Vishal was the Chief Product and IoT Officer for Silent Circle, a cybersecurity and privacy company. There he launched the industry’s first Enterprise Privacy platform. Prior to that, he held multiple leadership roles at Cisco, including VP/GM for IoT, and was VP of Global Solutions Engineering for MetaSolv Software. He earned his MS in Computer Engineering from Dartmouth College and MBA from Wharton Business School.
Alan Henton, CPA, CISA, CISSP, CIPT
Director for IT Audit, Vanderbilt University Medical Center
Alan is responsible for overseeing and conducting risk based information technology audits. He has 15 years of Public Accounting and Advisory experience largely focused on Sarbanes Oxley, Service Organization Control, SSAE-16 and ISAE-3402 reporting, audit, and data analysis. Alan previously worked for Ernst & Young and Urbach, Kahn & Werlin where he served clients across multiple sectors including Healthcare. He is a Certified Public Accountant and holds CISA, CISSP and CIPT certifications.
Clyde Hewitt, CISSP, CHS
Vice President of Security Strategy, CynergisTek
He brings more than thirty years of executive leadership experience in cybersecurity to his position with CynergisTek, where his many responsibilities include being the senior security advisor and client executive, thought leader and developer of strategic direction for information and cybersecurity services, nationwide business development lead for security services, and contributor to CynergisTek’s industry outreach and educational events.
Angel Hoffman, RN, MSN
Principal, Advanced Partners in Health Care Compliance, LLC
Angel has over 30 years of experience in health care with expertise in compliance, risk management, legal nurse consulting, development of education and training programs, and multiple clinical specialties. She earned her MSN with a concentration in Health Care Management from La Roche College.
Andrew Hutchinson, CISSP, SABSA SCF
Executive Director, IT Architecture and Portfolio Svcs, Vanderbilt University Medical Center
Andrew oversees IT strategy, information security strategy, IT resource management, and customer relationship management for VUMC IT Services delivered to VUMC. Andrew’s experience includes overseeing the development, operation, and improvement of Vanderbilt’s ITIL based service management processes, and directing Vanderbilt’s Network Security team. Prior to this, he worked as an information security consultant for a shared security services company. He holds the CISSP and SABSA SCF certifications.
Elizabeth Johnson, JD
Attorney, Wyrick Robbins
Elizabeth leads the firm’s Privacy & Data Security Practice Group. She also helps clients with government agency inquiries pertaining to privacy and data security, such as HIPAA compliance reviews conducted by the U.S. Department of Health and Human Services. She earned her law degree from Duke University.
Chuck Kesler, MBA
Chief Information Security Officer, Duke Health
Chuck is responsible for establishing the enterprise-level strategy and coordinating operational efforts for information security across all Duke Medicine entities, including three major hospitals, the Schools of Medicine and Nursing, and associated organizations. He has over 22 years of IT industry experience, and earned his MBA from NC State University.
Director of Information Technology, Coastal Connect Health Information Exchange
Blair joined Coastal in 2016 with 22 years in technology. During his career, he has worked in both the private and non-profit sector. Most recently, he spent 13 years as the Director of IT for a behavioral health clinic in Washington, DC where he led the migration from paper records to a full-function behavioral EHR product. Blair has obtained multiple certifications from IT companies including Microsoft, Novell and Citrix.
Co-founder & CEO, Protenus
Robert co-founded Protenus along with another medical school student to protect patient privacy in electronic health records. Prior to this, he worked at the hedge fund Bridgewater Associates, where he designed and managed systems to analyze global markets. He earned his AB in Social Studies from Harvard College.
Cheryl Lytle, MS, CISSP, GCED
IT Security Specialist, UNC School of Medicine
Cheryl joined UNC School of Medicine in 1996. Prior to that, she worked for Gaston County Schools and the NC Department of Public Instruction. She earned her MS in Industrial Management from the Georgia Institute of Technology.
Jeremy Maxwell, PhD
Director of Information Security, Allscripts
Jeremy first joined Allscripts in 2010, serving as Application Security Architect for over four years. He then spent three years as Vice Chair of the Privacy and Security Workgroup at EHRA before joining the Office of the National Coordinator for Health IT, where he served as Senior Technical Advisor for Security for two years. He earned his PhD in Computer Science from NC State University.
Deven McGraw, JD, MPH
Deputy Director, Health Information Privacy, HHS Office for Civil Rights
Deven also serves as Acting Chief Privacy Officer for the Office of the National Coordinator for Health IT. Prior to joining HHS, she was a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP. She previously served as the Director of the Health Privacy Project at the Center for Democracy & Technology, which is a leading consumer voice on health privacy and security policy issues, and as the Chief Operating Officer at the National Partnership for Women & Families, where she provided strategic leadership and substantive policy expertise for the Partnership’s health policy agenda. She earned her JD and LLM from Georgetown University Law Center and MPH from Johns Hopkins School of Hygiene and Public Health.
Tatiana Melnik, JD
Managing Attorney, Melnik Legal PLLC
Tatiana concentrates her practice on data privacy and security, information technology and regulatory compliance. She is a standing contributor to the journal Health Care Compliance, and a managing editor of the Nanotechnology Law and Business Journal. She earned her law degree from the University of Michigan Law School.
Consultant, Deloitte & Touche LLP
David is a core member of Deloitte’s Medical Device Safety and Security practice, which focuses on helping clients secure connected medical devices and other life sciences products. In this role, David primarily works with device manufacturers and healthcare providers designing, developing and implementing enterprise-level medical device security programs. He earned his BS in Information Systems and Business Process Management from the University of Illinois at Urbana-Champaign.
Compliance Director & Chief Privacy Officer, Wake Forest Baptist Health
JT has served as a Privacy Officer for 15 years, and before that served in a Risk Management capacity for 18 years. He co-chaired the NCHICA Privacy & Security Officials workgroup and has participated in the development of the NCHICA Breach Tool, BA templates and Privacy Notice.
Steven Ordahl, MS
Healthcare Cloud Solutions Architect, Microsoft
Steve brings over 26 years of healthcare computing experience in development and deployment of solutions on various platforms and technologies including EMR, Mobile, Security, Identity and Access Management for Providers, Payors and Consumers. He holds two patents in the healthcare computing space. He received his MS in Healthcare Computing from the University of Minnesota, and completed a first of it’s kind residency in pharmacy computer applications at United and Children’s Hospital in St. Paul, Minnesota.
Allen O'Rourke, JD
Of Counsel, Cyber & Litigation, Womble Carlyle
Drawing upon years of experience prosecuting cybercrime, Allen works with clients’ legal and information security teams to investigate cybersecurity incidents, coordinate the remediation of any breach, interface with law enforcement as appropriate, and ensure compliance with applicable data breach laws and regulations. Prior to joining Womble Carlyle, Allen was a Computer Hacking and Intellectual Property prosecutor with Top Secret security clearance at the U.S. Attorney’s Office for the District of Columbia. He earned his law degree from Harvard Law School.
Chief Privacy Officer, Columbia University Medical Center
Karen has over 25 years of experience in healthcare privacy, research, compliance, regulatory affairs, safety and quality improvement at large academic medical centers. She previously served as Director of Corporate Compliance & Privacy Officer at New York-Presbyterian Hospital.
CIO, State of North Dakota
Shawn previously served as Section Head of Operations Management at the Mayo Clinic, where he led multiple technical projects including the current NAC and Network Segmentation project. He has served as Chief Information Officer, Chief Technology Officer, Information Security Officer, and Information Management Officer in his 22 years in the IT industry.
Bill Schultz, MS, CISSP
Principal Security Architect, Vanderbilt University Medical Center
Bill is a security architect who has worked in the Information Technology field for over 14 years, with the past nine focused on Enterprise Architecture, Security Architecture, Risk Management, and Compliance. He has led multiple risk management and security architecture initiatives to build secure systems that comply with federal, healthcare, or payment card industry standards. He uses strategic architecture and risk management frameworks to design and implement secure and compliant IT systems that enable the organization to meet business objectives. Bill earned his MS in Computer Information Systems and holds CISSP certification.
Advisory Senior Consultant, Deloitte & Touche LLP
Anant is a Senior Consultant with Deloitte Advisory’s Cyber Risk Services, specializing in the health care industry. He has more than 7 years of experience in designing and executing information security and governance initiatives. His expertise includes development and maintenance of large enterprise information security programs, and identification and prioritization of initiatives under the program. Anant specializes in designing third party risk management programs and conducting assessments for various standards and regulations such as PCI DSS, HITRUST, HIPAA, NIST, ISO 27001, ISO 22301, SSAE16 (SOC1 & SOC2), etc.
Anurag Shankar, PhD
Senior Security Analyst, Center for Applied Cybersecurity Research, Indiana University
Anurag’s expertise includes regulatory compliance and cyber security risk management. He is responsible for developing a NIST-based risk management framework and using it to align IU’s central IT cyber infrastructure with HIPAA. He earned his PhD in Astronomy from the University of Illinois.
Advisory Senior Manager, Deloitte & Touche LLP
Amit is a Senior Manager in Deloitte’s Cyber Risk Services practice, and has worked in the area of information security and IT operations management in North America, Europe and India over the last 14 years. He has assisted clients in establishing third-party risk management programs, and has extensive experience in conducting supplier assessments globally. He works primarily with FSI clients, and has assisted them in establishing risk and control frameworks, identity & access governance processes, and process and controls reviews and improvements.
Kurt Stakeman, JD
Of Counsel, Womble Carlyle
Kurt focuses his practice on white collar criminal offenses. He handles cases involving all types of criminal charges, both pre- and post-indictment, including data theft. Kurt’s white collar defense practice is founded upon eleven years of experience on the government side of the courtroom, where he served as a prosecutor. He earned his law degree from the UNC School of Law.
Mark Steinhoff, CIPP
Managing Director, Deloitte & Touche LLP
Mark has over 30 years of combined experience across a range of privacy and security disciplines, as well as experience with enterprise risk management, governance, risk and compliance management, and systems project implementations. Prior to joining Deloitte & Touche, Mark spent 13 years in a variety of roles including information security administration, program management and information technology audit.
Jon Sternstein, CISSP, GPEN, CCNA, CEH
Founder & Principal Consultant, Stern Security
Jon has over 13 years of experience in the security industry, helping clients in the education, finance, healthcare, law and government industries. He teaches a class on Network Penetration and Ethical Hacking through the SANS Institute, and serves as co-chair of NCHICA’s Technology Resources Workgroup. He holds numerous security certifications.
Shane Swanson, MS
Advisory Services, Specialist Master, Deloitte and Touche
Shane currently serves Deloitte’s Life Sciences and Healthcare practice providing a multitude of cybersecurity and strategy and governance services. He has 18 years experience working in the cybersecurity field with specializations in Cyber Security Intelligence, Virtualization & Cloud Security, SEIM and SOC development, Network Access Control, Network Segmentation, and Information Security Assessments, including general control assessments, vulnerability assessment and penetration testing. He holds a MS in Cybersecurity Intelligence & Forensics.
Ryan Vlcko, JD
Staff Attorney, McLaren Health Care Corp.
Ryan has counseled on a variety of legal matters, including hospital acquisitions, medical practice purchases and sales, and Stark and Anti-Kickback reviews. Before joining McLaren, he served in the Michigan Air National Guard where he attained the rank of Staff Sergeant. In 2004 he served in the U.S. Air Force as part of Operation Iraqi Freedom. He earned his law degree from the University of Michigan Law School.
Robert Webster, JD
Data Privacy Attorney, LabCorp
Robert works in the Global Compliance workgroup where he provides guidance on data privacy and cyber security matters to LabCorp’s global business units. Prior to this role, he served as an attorney in LabCorp’s Legal Department where he provided guidance on IT and data-related matters. He earned his law degree in Business Law and Health Law from Elon University.
Security Solutions Specialist, Internetwork Engineering
Derrick has worked in IT for over 20 years, with extensive experience in project engineering, management, scoping, budgeting and design. He began his career in the military, and after being honorably discharged as an IT2 Second Class Petty Officer, moved into the private sector.
Roy Wyman, JD
Partner, Nelson Mullins Riley & Scarborough LLP
Roy’s practice focuses on the privacy, security and regulatory concerns of small to large clients including issues such as HIPAA, IT and data management and compliance as well as broader regulatory concerns. He was previously the Chief Privacy Officer and Associate General Counsel for TeamHealth Inc., and Senior Legal Counsel to CVS Caremark Corp. Roy is a frequent speaker and author on a variety of topics involving healthcare, IT and data management and has been published in various law journals.
Terrence Ziemniak, MS, CISSP, FACHE
CISO/AVP, Carolinas HealthCare
Terry has over 20 years experience in the information security field with work ranging from security architecture, operations, auditing, risk management, disaster preparedness and compliance. While spending most of his career in health care, he has experience working with a variety of organizations including military, retail and manufacturing – sized from Fortune 100 down to “mom and pop” shops. Terry has achieved both the CISSP and FACHE certification and earned a Master’s degree in Information Security from DePaul University.
Click here to read the session descriptions.