Denise Anderson, MBA
President, Health Information Sharing and Analysis Center (H-ISAC)
Denise serves as Chair of the National Council of ISACs. She was recently elected to a 3-year term on the Cyber Working Group Executive Committee for the Health and Public Health Sector Coordinating Council. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.
Holt Anderson, FHIMSS
Principal, Learning Health Strategies
Holt served as the Executive Director of NCHICA from 1995-2014. He continues to serve on the NCHICA Board of Directors. Holt also serves on the Board of Directors for the Learning Health Community and chairs the Policy and Governance Framework Initiative for Learning Health Systems.
Marti Arvin, JD
VP of Audit Strategy, CynergisTek
Marti is a well-known healthcare compliance professional with extensive experience and expertise. She has focused her career primarily on compliance issues associated with academic medicine. She has been a chief compliance and privacy officer at four academic medical centers and a for-profit hospital system. She has also served as an expert witness for privacy and information security cases. She earned her law degree from Indiana University and holds CHC-F, CHPC, CCEP-F and CHRC certifications.
CEO, CORL Technologies
Cliff is a leader in healthcare information technology, privacy and security, with over 20 years of industry experience. He is the founder/CEO of two successful companies that provide information protection services to healthcare organizations including many of the nation’s leading provider, payer and business associate organizations. Cliff also led the creation the HITRUST framework, which is the most broadly adopted healthcare security and privacy framework in the industry.
Director of CyberSecurity, HCA
TJ focuses on Threat Analytics and Intelligence & Response within the HCA Cyber Defense Center. He previously led teams on Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.
Security Architect-Identity & Access Management, The University of Kansas Health System
James has over 20 years of IT experience, with 15 of those years serving in the healthcare industry. He has led several initiatives such as multifactor authentication for remote access, privileged account management, and the overhaul of the Health Systems identity management solution. He holds a BS in Telecommunications Management from DeVry University-Kansas City.
Holly Benton, JD, CHPC
University Privacy Officer, Duke University
Holly and her team facilitate compliance with federal, state and global privacy laws and regulations, manage privacy incident assessments and training, and provide guidance to campus stakeholders on privacy related matters that impact the university. Prior to Duke, Holly was the Interim Chief Privacy Officer at UNC Chapel Hill and practiced commercial litigation and employment law. She earned her JD from the University of Washington School of Law.
CISO, Medical University of South Carolina
Steve is an information security professional with over two decades in the IT industry. He has also served as both VP of Information Technology and HIPAA Security and Privacy Officer for Adheris, Inc. In addition, he has served as Chief Privacy Officer for Adheris’ parent company, inVentiv Health, Inc.
Senior Information Security Analyst, Mayo Clinic
LeahAnn is responsible for improving the security of medical devices that are used within the Mayo Clinic environment prior to purchase. Her duties include assessing the vulnerability of medical devices and partnering with vendors and internal staff to improve medical device security. During her 29 year career at Mayo, LeahAnn has worked in the Department of Laboratory Medicine and Pathology, Clinical Trials Research, Information Technology, and Office of Information Security. She received her BS in Business Management from Cardinal Stritch University.
Senior Director, Coalfire
David has an active top-secret clearance with over 13 years of experience in technical disciplines such as: information assurance, information systems design, network design/implementation, security management operations, cloud service (IAAS/PAAS/SAAS) and deployment models (Public/Community/Hybrid/Private). He has successfully managed and assessed government and commercial systems with extensive experience in information system security, FedRAMP, FISMA, program/project management oversight, security testing and evaluation, risk assessments, system/network designs review/implementations and has led many testing teams in project delivery.
Security Specialist, Sirius
Jeff is a security solutions expert at Sirius with a specialization in Healthcare IT. He has 20 years of experience in helping enterprises develop and maintain proactive security programs. He focuses on tactical strategic data protection plans, and applies his knowledge of core infrastructure security, security program governance, threat and vulnerability management, identify and access management, and application security to enable the improvement of overall security posture.
Co-founder & Principal, Immersive
Stephanie is co-founder and principal for Immersive where she leads program and solution development, knowledge management, and customer success. Her 25+ years in healthcare have taken her from medical social work, to public health policy at Georgetown University’s NCEMCH, to the Advisory Board Company, and ultimately into health IT for companies like WebMD, CTG Health Solutions and CynergisTek. Stephanie holds her AB and AM from the University of Chicago. She serves on AHIMA’s Privacy and Security Practice Council, has served on the faculty of regional and national AHIMA, HIMSS, AHIA, HCCA and NCHICA conferences.
Emily Crabbe, JD
Investigator, HHS Office for Civil Rights
Emily’s investigative caseload has become focused on information security and data breaches. She functions as the office specialist for cases relating to the HIPAA Security Rule and for breaches that result in financial penalties. Before starting at HHS/OCR, she worked as a staff attorney at a clinical toxicology laboratory. She earned her law degree from Atlanta’s John Marshall Law School.
Director of Information Security and Network Engineering, Vidant Health
Kirk has contributed his unique personality and perspective to drive excellence and innovation at startups and Fortune 100 companies alike. In 2015, he received The Center for Digital Government’s, ‘Cybersecurity Leadership and Innovation Award”, and holds numerous professional certifications including CISSP, CISM, CGEIT, CRISC. His extensive career spans healthcare, manufacturing, telecom, banking and client advisory services. Kirk says his formula is simple, “Inspire your teams to feel dignified and passionate about what they bring to the table. If you can swing that, success always finds a way to sneak up on all of you.”
Chief Security & Privacy Officer, University of Chicago Medicine
Erik has 18 years of experience within Information Technology, with 12 years focused on Information Security. The majority of his career has been focused on Academic Medical Centers, establishing two information security programs and an identity and access management program. He co-leads a Department of Health and Human Services Task Group charged with implementing the Cybersecurity Act of 2015 Section 405(d) in the healthcare sector. The Task Group recently published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. He earned his MS in Information Technology from Loyola University in Chicago and BS in in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.
Chief Information Security Officer, Geisinger Health System
Steve is the enterprise Chief Information Security Officer at Geisinger, including the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and Keystone Health Information Exchange. He has over 35 years of experience in the information and physical security field. His professional tenure includes senior security leadership positions at Dow Corning Corporation, American Fidelity Assurance, Fleming/Core-Mark, Sallie Mae, Publix Super Markets, The Mosaic Company, and others. He specializes in cybersecurity program development and IT risk management.
Information Security Analyst, Duke Health
Shelly has extensive experience in research security, security contract control negotiations, risk assessment and public speaking. She is certified as a Healthcare Information Security and Privacy Practitioner (HCISPP). She currently is the Program Lead for Security Outreach and Education at Duke Health. She works closely with the other authors to triage and assess risks for research security.
Ed Hammond, PhD
Director, Duke Center for Health Informatics
Ed also serves as Director of Applied Informatics Research at Duke Health Technology Solutions and Director of Academic Affairs for MMCi. He received his PhD from Duke University in 1967 and has served on the Duke faculty since then. He is Chair Emeritus of HL7 and serves on the NCHICA Board of Directors.
Manager for Security Operations & Engineering, Vidant Health
Jerry started his security career in the United States Air Force’s Cyber Operations. He later transitioned to consulting, and founded O’Hare Solutions. At O’Hare, Jerry built a cybersecurity services practice, with a team specializing in McAfee professional services, servicing customers in federal government, finance, manufacturing, telco, healthcare, and insurance across the US, Europe, and Asia.
Chief Technology Officer, sema4
Shay has more than 20 years of experience in technical management and leadership. He has been involved with large scale projects in different verticals including financial services, telecom, healthcare, e-commerce, travel, logistics and homeland security. Prior to joining Sema4, he worked for GigaSpaces Technologies, Versant and Sirius Technologies. He holds a BSC in Electrical and Computer Engineering from Ben-Gurion University of the Negev.
Susan Hayden, JD
Director of Research Program Collaborations, Duke University School of Medicine
Susan is a Director in the Duke Office of Research Contracts and manages a team who oversees negotiation for research contracts across a broad landscape. She works closely with the other authors to triage and assess risks for research security using an in-house developed tool that allows for centralized engagement from multiple offices as well as transparency to the contract owner.
Director of Information Security, Duke Health
Rosemary oversees a staff of 20 professionals dedicated to risk management, compliance and security applications and architecture. Her healthcare IT focus started at Ernst Young and Packer Thomas & Co. At Duke, Rosemary was instrumental in implementing a formal risk assessment process, IT monitoring and compliance program and developing business cases for security improvements. She is a CPA, CISSP and CISA.
David Holtzman, JD, CIPP
VP for Compliance Strategies, CynergisTek
Chuck has over 30 years of IT and information security experience. Prior to joining Pendo.io in late 2018, he served as CISO for Duke Health for seven years. His prior experience also includes serving as the senior manager for Symantec’s Security Advisory Services consulting practice in the US. Chuck received an MBA and B.S. in Physics from NC State University, and has multiple industry certifications, including CISSP, CISM, PMP, and ITIL. He is also a graduate of Carnegie Mellon’s CISO Certificate Program.
CTO, MD Interconnect, Inc.
Jeff leads all Technology and Product Development at MD Interconnect, where he has been since February of 2016. He is an accomplished senior technology executive with significant experience in both Fortune1000 and startup environments. He began his career with IBM for 15 years and has continued his work in venture capital-backed companies with multiple successful exits. He earned a B.S. in Computer Science and Mathematics from North Dakota State University.
Chief Technology Officer, Oxford Computer Group
Chris is responsible for helping enterprise clients architect and implement business–focused identity management infrastructure. His clients include large healthcare institutions, financial institutions, and universities. He is a recognized expert on Microsoft’s identity and security offerings, including Azure Active Directory, Microsoft Intune, Azure Rights Management Services (Azure RMS), and Microsoft Identity Manager (MIM). Chris frequently advises Chief Security Officers on the best way to leverage their investments in Microsoft identity and security offerings. He is a former Marine and veteran of Operation Enduring Freedom.
Senior Counsel, Wake Forest University Baptist Medical Center
Since 2002, Dina has served as primary counsel for privacy and security matters at Wake Forest University Baptist Medical Center and Wake Forest University. She chairs the University’s Information Technology Security Advisory Committee and serves as a founding member of the Medical Center’s Privacy and Security Council. Her responsibilities include: providing ongoing support for the review, investigation, and possible reporting of alleged privacy and security incidents; and collaborating extensively with the Medical Center’s Compliance Department, Privacy Office and Office of Research on key matters involving HIPAA and GDPR compliance, including authoring business associate agreements, policies and procedures, and employee training.
Security Practice Director, Burwood Group
Bryan provides advisory and technical security consulting services to clients with regulatory, legal and compliance needs. He has over 20 years of experience in security, previously working for SecurityStudio, FRSecure LLC, Bloom Health and Lifetouch. He earned his BS in Computer Science from North Dakota State University and holds CISPP certification.
Biomedical Engineer II, WakeMed
Emily has been in the Healthcare Technology Management field for two years. In 2011, she received her BS in Biological Engineering from Mississippi State University, and in 2017, she received her MS in Biomedical Engineering jointly from North Carolina State University and The University of North Carolina at Chapel Hill. Her areas of interest in the Healthcare Technology Management field include Clinical Alarm Management, Cybersecurity, and Medical Device Integration.
Ken Mortensen, JD
Data Protection Officer, InterSystems
An attorney and engineer, Ken is a privacy/security professional with over 20 years legal/30 years IT experience. During the Bush Administration, he served as Associate Deputy AG for Privacy and Civil Liberties at DOJ and DHS’s first Deputy CPO. He also served as CPO for CVS Health and Boston Scientific, had his own law firm, was the Pennsylvania AG’s special counsel for cyber, and taught at Villanova Law. He served on IAPP’s board and is the privacy expert on TSA’s Aviation Security Advisory Committee.
Cyber Security Engineer, Stern Security
Peter started his IT career in System Administration and Security for Coastal Federal Credit Union. He moved from there to a Cyber Security Engineer role at WakeMed. He currently works for Stern Security, helping a wide range of customers across industries identify and address key security issues and plan for the future.
Alex Nisenbaum, JD
Associate, Pepper Hamilton LLP
Alex’s practice is focused on technology transaction and data privacy and security matters. He aadvises clients on data privacy and information security laws and regulations, including compliance with HIPAA, Gramm-Leach-Bliley, US/EU Privacy Shield, state data protection and breach notification requirements, and development and implementation of data protection policies and “best practices.” He is certified as an information privacy professional (CIPP/US & CIPP/E) by the International Association of Privacy Professionals.
Lee Olson, CISSP, CISM
Principal Analyst, Mayo Clinic
Lee works in Mayo Clinic’s information security group with primary responsibilities in the areas of policy and identity and access management. He has over 35 years of general experience in the information security field and previously worked for the Defense Investigative Service as an industrial security specialist and regional computer security specialist.
Karen Pagliaro-Meyer, CHC, CHPC
Chief Privacy Officer, Columbia University Medical Center
Karen has over 25 years of experience in healthcare privacy, research, compliance, regulatory affairs, safety and quality improvement at large academic medical centers. She previously served as Director of Corporate Compliance & Privacy Officer at New York-Presbyterian Hospital.
David Peloquin, JD
Associate, Ropes & Gray LLP
As a member of the health care group, David focuses his practice on advising academic medical centers, life sciences companies, and information technology companies on issues related to human subjects and animal research, data privacy, and Medicare/Medicaid reimbursement issues. He frequently writes and speaks on topics related to these areas, and serves as a community member of the IRB at Partners Healthcare in Boston. He received his law degree from Yale Law School and clerked at the U.S. Court of Appeals for the Eighth Circuit. Before law school, he worked as a project manager for Epic Systems.
Tanisha Raiford, JD
Chief Privacy Officer & Senior Billing Compliance Officer, Weill Cornell Medicine
Tanisha has over 15 years of experience in healthcare operations, privacy, research, compliance, regulatory affairs, quality improvement, and managed care in both physician practices and large academic medical centers. She previously served as Vice President of a Health Care Management firm where she was responsible for compliance, privacy, medical malpractice, internal audit, revenue cycle, and operations. She holds a JD and MPA, with CIPP, CHRC, CHPC, CCEP, CHC and CHPC certifications.
George Reed, MHA
Director of Clinical Engineering, WakeMed
George oversees medical devices lifecycle management, biomedical device integration (BMDI), as well as medical device security. He has 34 years of experience in the Healthcare Technology Management (HTM) field with various roles and experiences. George began his career in the US Army where he was a biomedical trained technician and received an Associates in Biomedical Instrumentation. He then pursued his Bachelors in Organizational Management and Masters in Healthcare Administration.
CIO, American Hospital Association
Rob brings over 25 years of experience in technology transformation. He is currently the Chief Information Officer at American Hospital Association, a national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. His focus is to deliver innovative, business-enabling IT strategies that form the foundation for long-term strategic business plans, allowing organizations to evolve their business model and compete locally/globally.
Security Architect, Vanderbilt University Medical Center
Bill is security architect who has worked in the Information Technology field for over 15 years, with a focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. He has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.
Anurag Shankar, PhD
Senior Security Analyst, Indiana University
Anurag has nearly 20 years of experience developing, delivering, and managing IU’s central research cyberinfrastructure. He is a member of IU’s Center for Applied Cybersecurity Research and has expertise in regulatory compliance and cybersecurity risk management. He earned his PhD in Astronomy from the University of Illinois at Urbana-Champaign.
HIPAA Security Officer, Mount Sinai Health System
Ray has been involved within the AMC Security & Privacy Conference community for over a decade, as speaker, panel leader and member of the Conference Planning Committee. Ray is a US Navy veteran and alumnus of The University of Missouri at Rolla, and has over twenty years of health care information technology, privacy and security experience.
Principal, Stern Security
Jon is the author of the Cisco Press course titled Security Penetration Testing (The Art of Hacking) Live Lessons. He co-chairs the Privacy and Security Workgroup at NCHICA. Jon graduated with a B.A. in Computer Science and holds many security certifications including: GIAC Penetration Tester, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker. He has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine.
Click here to read the session descriptions.