Speakers

Denise Anderson, MBA

Denise Anderson, MBA

President, Health Information Sharing and Analysis Center (H-ISAC)

Denise serves as Chair of the National Council of ISACs. She was recently elected to a 3-year term on the Cyber Working Group Executive Committee for the Health and Public Health Sector Coordinating Council. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.

Holt Anderson, FHIMSS

Holt Anderson, FHIMSS

Principal, Learning Health Strategies

Holt served as the Executive Director of NCHICA from 1995-2014. He continues to serve on the NCHICA Board of Directors. Holt also serves on the Board of Directors for the Learning Health Community and chairs the Policy and Governance Framework Initiative for Learning Health Systems.

Marti Arvin, JD

Marti Arvin, JD

VP of Audit Strategy, CynergisTek

Marti is a well-known healthcare compliance professional with extensive experience and expertise. She has focused her career primarily on compliance issues associated with academic medicine. She has been a chief compliance and privacy officer at four academic medical centers and a for-profit hospital system. She has also served as an expert witness for privacy and information security cases. She earned her law degree from Indiana University and holds CHC-F, CHPC, CCEP-F and CHRC certifications.

Robert Babin

Robert Babin

IT Director & CISO, Saint Peter's Healthcare System

Robert has over 35 years of experience in manufacturing, financial and healthcare technology. As CISO, he oversees information security efforts around regulatory and audit compliance, policy development, technology risk mitigation, vulnerability management and administering the information security program at St. Peter’s. He holds MS degrees in business and technology management, and has earned CISA and CISM certifications.

Cliff Baker

Cliff Baker

CEO, CORL Technologies

Cliff is a leader in healthcare information technology, privacy and security, with over 20 years of industry experience. He is the founder/CEO of two successful companies that provide information protection services to healthcare organizations including many of the nation’s leading provider, payer and business associate organizations. Cliff also led the creation the HITRUST framework, which is the most broadly adopted healthcare security and privacy framework in the industry. 

TJ Bean

TJ Bean

Director of CyberSecurity, HCA

TJ focuses on Threat Analytics and Intelligence & Response within the HCA Cyber Defense Center. He previously led teams on Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.

James Beeson

James Beeson

Security Architect-Identity & Access Management, The University of Kansas Health System

James has over 20 years of IT experience, with 15 of those years serving in the healthcare industry. He has led several initiatives such as multifactor authentication for remote access, privileged account management, and the overhaul of the Health Systems identity management solution. He holds a BS in Telecommunications Management from DeVry University-Kansas City.

David Behinfar, JD

David Behinfar, JD

Chief Privacy Officer, UNC Health Care System

David has held senior privacy positions over the last 17 years at several universities and academic medical centers including Stanford University, the University of Wisconsin-Madison and the University of Florida. He also spent six years as an associate attorney with substantial time spent representing clients in health care transactional and regulatory matters. David received his LLM in Health Law from DePaul University School of Law, and JD from the Southern Methodist University School of Law. He holds has numerous professional certifications in information privacy and security and frequently speaks at conferences on data privacy.

Holly Benton, JD, CHPC

Holly Benton, JD, CHPC

University Privacy Officer, Duke University

Holly and her team facilitate compliance with federal, state and global privacy laws and regulations, manage privacy incident assessments and training, and provide guidance to campus stakeholders on privacy related matters that impact the university. Prior to Duke, Holly was the Interim Chief Privacy Officer at UNC Chapel Hill and practiced commercial litigation and employment law. She earned her JD from the University of Washington School of Law.

Gerry Blass

Gerry Blass

President & CEO, ComplyAssistant

Gerry brings over 35 years of experience in healthcare IT. Prior to ComplyAssistant, he was the Chief Information Security Officer for a major healthcare system in New Jersey, where he built the HIPAA Privacy and Security programs and chaired their multidisciplinary governance team. In 2002 Gerry founded ComplyAssistant to provide software and service solutions for HIPAA and IT strategic planning. He currently chairs the NJ HIMSS Privacy, Security and Compliance Committee.

Steven Cardinal

Steven Cardinal

Manager, Security Technology, Medical University of South Carolina

Steven is an information security professional with over two decades of experience in the IT industry. He served as both VP of Information Technology and HIPAA Security and Privacy Officer for Adheris, Inc. He also served as Chief Privacy Officer for Adheris’ parent company, inVentiv Health, Inc. He holds CISSP, GSTRT, GSNA, GCIH, and CCNA certifications.

LeahAnn Clemens

LeahAnn Clemens

Senior Information Security Analyst, Mayo Clinic

LeahAnn is responsible for improving the security of medical devices that are used within the Mayo Clinic environment prior to purchase.  Her duties include assessing the vulnerability of medical devices and partnering with vendors and internal staff to improve medical device security. During her 29 year career at Mayo, LeahAnn has worked in the Department of Laboratory Medicine and Pathology, Clinical Trials Research, Information Technology, and Office of Information Security. She received her BS in Business Management from Cardinal Stritch University.

David Clevenger

David Clevenger

Senior Director, Coalfire

David has an active top-secret clearance with over 13 years of experience in technical disciplines such as: information assurance, information systems design, network design/implementation, security management operations, cloud service (IAAS/PAAS/SAAS) and deployment models (Public/Community/Hybrid/Private). He has successfully managed and assessed government and commercial systems with extensive experience in information system security, FedRAMP, FISMA, program/project management oversight, security testing and evaluation, risk assessments, system/network designs review/implementations and has led many testing teams in project delivery.

Stephanie Crabb

Stephanie Crabb

Co-founder & Principal, Immersive

Stephanie is co-founder and principal for Immersive where she leads program and solution development, knowledge management, and customer success. Her 25+ years in healthcare have taken her from medical social work, to public health policy at Georgetown University’s NCEMCH, to the Advisory Board Company, and ultimately into health IT for companies like WebMD, CTG Health Solutions and CynergisTek. Stephanie holds her AB and AM from the University of Chicago. She serves on AHIMA’s Privacy and Security Practice Council, has served on the faculty of regional and national AHIMA, HIMSS, AHIA, HCCA and NCHICA conferences.

Emily Crabbe, JD

Emily Crabbe, JD

Investigator, HHS Office for Civil Rights

Emily’s investigative caseload has become focused on information security and data breaches. She functions as the office specialist for cases relating to the HIPAA Security Rule and for breaches that result in financial penalties. Before starting at HHS/OCR, she worked as a staff attorney at a clinical toxicology laboratory. She earned her law degree from Atlanta’s John Marshall Law School.

Kirk Davis

Kirk Davis

Director of Information Security and Network Engineering, Vidant Health

Kirk has contributed his unique personality and perspective to drive excellence and innovation at startups and Fortune 100 companies alike. In 2015, he received The Center for Digital Government’s, ‘Cybersecurity Leadership and Innovation Award”, and holds numerous professional certifications including CISSP, CISM, CGEIT, CRISC. His extensive career spans healthcare, manufacturing, telecom, banking and client advisory services. Kirk says his formula is simple, “Inspire your teams to feel dignified and passionate about what they bring to the table. If you can swing that, success always finds a way to sneak up on all of you.”

Erik Decker

Erik Decker

Chief Security & Privacy Officer, University of Chicago Medicine

Erik has 18 years of experience within Information Technology, with 12 years focused on Information Security. The majority of his career has been focused on Academic Medical Centers, establishing two information security programs and an identity and access management program. He co-leads a Department of Health and Human Services Task Group charged with implementing the Cybersecurity Act of 2015 Section 405(d) in the healthcare sector. The Task Group recently published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. He earned his MS in Information Technology from Loyola University in Chicago and BS in in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.

Stephen Dunkle

Stephen Dunkle

Chief Information Security Officer, Geisinger Health System

Steve is the enterprise Chief Information Security Officer at Geisinger, including the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and Keystone Health Information Exchange. He has over 35 years of experience in the information and physical security field. His professional tenure includes senior security leadership positions at Dow Corning Corporation, American Fidelity Assurance, Fleming/Core-Mark, Sallie Mae, Publix Super Markets, The Mosaic Company, and others. He specializes in cybersecurity program development and IT risk management. 

Shelly Epps

Shelly Epps

Information Security Analyst, Duke Health

Shelly has extensive experience in research security, security contract control negotiations, risk assessment and public speaking. She is certified as a Healthcare Information Security and Privacy Practitioner (HCISPP). She currently is the Program Lead for Security Outreach and Education at Duke Health. She works closely with the other authors to triage and assess risks for research security.

Katherine Georger, JD

Katherine Georger, JD

Associate Compliance Officer & Director of Privacy, Duke University Health System

Katherine directs the privacy compliance activities of the Duke University Health System Compliance Program, including the School of Medicine, School of Nursing and Duke Clinical Research Institute. Prior to joining Duke Health, Katherine served as the HIPAA Privacy Officer for the University of Arizona, the Chief Privacy Officer and Director of Regulatory Services for WPS Health Solutions and the Privacy Program Manager for Stanford University’s covered-entity components and group health plans. She also spent more than five years working as an associate attorney in private practice advising clients on a variety of health care transactional and regulatory matters.

Ed Hammond, PhD

Ed Hammond, PhD

Director, Duke Center for Health Informatics

Ed also serves as Director of Applied Informatics Research at Duke Health Technology Solutions and Director of Academic Affairs for MMCi. He received his PhD from Duke University in 1967 and has served on the Duke faculty since then. He is Chair Emeritus of HL7 and serves on the NCHICA Board of Directors.

Jerry Hare

Jerry Hare

Manager for Security Operations & Engineering, Vidant Health

Jerry started his security career in the United States Air Force’s Cyber Operations and transitioned to consulting where he founded O’Hare Solutions. At O’Hare, Jerry built a cybersecurity services practice, with a team specializing in McAfee professional services, servicing customers in federal government, finance, manufacturing, telco, healthcare, and insurance across the US, Europe, and Asia.

Shay Hassidim

Shay Hassidim

Chief Technology Officer, sema4

Shay has more than 20 years of experience in technical management and leadership. He has been involved with large scale projects in different verticals including financial services, telecom, healthcare, e-commerce, travel, logistics and homeland security. Prior to joining Sema4, he worked for GigaSpaces Technologies, Versant and Sirius Technologies. He holds a BSC in Electrical and Computer Engineering from Ben-Gurion University of the Negev.

Susan Hayden, JD

Susan Hayden, JD

Director of Research Program Collaborations, Duke University School of Medicine

Susan is a Director in the Duke Office of Research Contracts and manages a team who oversees negotiation for research contracts across a broad landscape. She works closely with the other authors to triage and assess risks for research security using an in-house developed tool that allows for centralized engagement from multiple offices as well as transparency to the contract owner.

Rosemary  Herhold

Rosemary Herhold

Director of Information Security, Duke Health

Rosemary oversees a staff of 20 professionals dedicated to risk management, compliance and security applications and architecture. Her healthcare IT focus started at Ernst Young and Packer Thomas & Co. At Duke, Rosemary was instrumental in implementing a formal risk assessment process, IT monitoring and compliance program and developing business cases for security improvements. She is a CPA, CISSP and CISA.

David Holtzman, JD, CIPP

David Holtzman, JD, CIPP

VP for Compliance Strategies, CynergisTek

David is considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules. Prior to CynergisTek, he served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives including the effort to integrate the administration and enforcement of the HIPAA Security Rule, and health information technology policies. He earned his law degree from Western New England College of Law.

Chuck Kesler

Chuck Kesler

CISO, Pendo.io

Chuck has over 30 years of IT and information security experience. Prior to joining Pendo.io in late 2018, he served as CISO for Duke Health for seven years. His prior experience also includes serving as the senior manager for Symantec’s Security Advisory Services consulting practice in the US. Chuck received an MBA and B.S. in Physics from NC State University, and has multiple industry certifications, including CISSP, CISM, PMP, and ITIL. He is also a graduate of Carnegie Mellon’s CISO Certificate Program.

Jeff Kramer

Jeff Kramer

CTO, MD Interconnect, Inc.

Jeff leads all Technology and Product Development at MD Interconnect, where he has been since February of 2016. He is an accomplished senior technology executive with significant experience in both Fortune1000 and startup environments. He began his career with IBM for 15 years and has continued his work in venture capital-backed companies with multiple successful exits. He earned a B.S. in Computer Science and Mathematics from North Dakota State University.

James Landers

James Landers

Identity and Access Management Security Engineer, Integris Health

James has over 30 years of IT experience, the last 22 in healthcare. In 2012, he became one of the founding members of Integris’ Identity and Access Management team. As a member of the team, he has helped implement such initiatives as company-wide access certification, integration of PeopleSoft and MIM to provision AD and Exchange accounts, and automated non-employee onboarding utilizing PeopleSoft. He holds a BS in Computer Science from the University of Central Oklahoma.

Taylor Lehmann

Taylor Lehmann

Chief Information Security Officer, Wellforce

Wellforce is a Tufts University-affiliated healthcare system which includes a major academic medical and research center. Taylor was a Director with PwC’s consulting arm and has held CISO, CIO, and VP roles at large international banks, health insurance companies, and health technology companies over the course of his career. He is one of the co-founders of the Provider Third Party Risk Management Council and is an active member of HITRUST and H-ISAC organizations.

Allie Lindahl

Allie Lindahl

Employee Health & Risk Management Coordinator, Transitions LifeCare

Allie’s career began as a Pediatric Critical Care Nurse at WakeMed.  Her interest in technology, data analytics and quality improvement led to multiple leadership roles in system implementations across the hospital and also to a Masters in Health Informatics and Information Management from East Carolina University. She previously served as an Administration Specialist to the SVP and CNO at WakeMed and led the WakeMed Nursing Informatics Council.

Chris Lloyd

Chief Technology Officer, Oxford Computer Group

Chris is responsible for helping enterprise clients architect and implement business–focused identity management infrastructure. His clients include large healthcare institutions, financial institutions, and universities. He is a recognized expert on Microsoft’s identity and security offerings, including Azure Active Directory, Microsoft Intune, Azure Rights Management Services (Azure RMS), and Microsoft Identity Manager (MIM). Chris frequently advises Chief Security Officers on the best way to leverage their investments in Microsoft identity and security offerings. He is a former Marine and veteran of Operation Enduring Freedom.

Dina Marty

Senior Counsel, Wake Forest University Baptist Medical Center

Since 2002, Dina has served as primary counsel for privacy and security matters at Wake Forest University Baptist Medical Center and Wake Forest University. She chairs the University’s Information Technology Security Advisory Committee and serves as a founding member of the Medical Center’s Privacy and Security Council. Her responsibilities include: providing ongoing support for the review, investigation, and possible reporting of alleged privacy and security incidents; and collaborating extensively with the Medical Center’s Compliance Department, Privacy Office and Office of Research on key matters involving HIPAA and GDPR compliance, including authoring business associate agreements, policies and procedures, and employee training.

Bryan McGowan

Bryan McGowan

Security Practice Director, Burwood Group

Bryan provides advisory and technical security consulting services to clients with regulatory, legal and compliance needs. He has over 20 years of experience in security, previously working for SecurityStudio, FRSecure LLC, Bloom Health and Lifetouch. He earned his BS in Computer Science from North Dakota State University and holds CISPP certification.

Emily Mengel

Emily Mengel

Biomedical Engineer II, WakeMed

Emily has been in the Healthcare Technology Management field for two years. In 2011, she received her BS in Biological Engineering from Mississippi State University, and in 2017, she received her MS in Biomedical Engineering jointly from North Carolina State University and The University of North Carolina at Chapel Hill. Her areas of interest in the Healthcare Technology Management field include Clinical Alarm Management, Cybersecurity, and Medical Device Integration.

Ken Mortensen, JD

Data Protection Officer, InterSystems

An attorney and engineer, Ken is a privacy/security professional with over 20 years legal/30 years IT experience. During the Bush Administration, he served as Associate Deputy AG for Privacy and Civil Liberties at DOJ and DHS’s first Deputy CPO. He also served as CPO for CVS Health and Boston Scientific, had his own law firm, was the Pennsylvania AG’s special counsel for cyber, and taught at Villanova Law. He served on IAPP’s board and is the privacy expert on TSA’s Aviation Security Advisory Committee. 

Peter Nelson

Peter Nelson

Cyber Security Engineer, Stern Security

Peter started his IT career in System Administration and Security for Coastal Federal Credit Union. He moved from there to a Cyber Security Engineer role at WakeMed. He currently works for Stern Security, helping a wide range of customers across industries identify and address key security issues and plan for the future.

Alex Nisenbaum, JD

Alex Nisenbaum, JD

Associate, Pepper Hamilton LLP

Alex’s practice is focused on technology transaction and data privacy and security matters. He aadvises clients on data privacy and information security laws and regulations, including compliance with HIPAA, Gramm-Leach-Bliley, US/EU Privacy Shield, state data protection and breach notification requirements, and development and implementation of data protection policies and “best practices.” He is certified as an information privacy professional (CIPP/US & CIPP/E) by the International Association of Privacy Professionals.

Lee Olson, CISSP, CISM

Lee Olson, CISSP, CISM

Principal Analyst, Mayo Clinic

Lee works in Mayo Clinic’s information security group with primary responsibilities in the areas of policy and identity and access management. He has over 35 years of general experience in the information security field and previously worked for the Defense Investigative Service as an industrial security specialist and regional computer security specialist.

Karen Pagliaro-Meyer, CHC, CHPC

Karen Pagliaro-Meyer, CHC, CHPC

Chief Privacy Officer, Columbia University Medical Center

Karen has over 25 years of experience in healthcare privacy, research, compliance, regulatory affairs, safety and quality improvement at large academic medical centers. She previously served as Director of Corporate Compliance & Privacy Officer at New York-Presbyterian Hospital.

David Peloquin, JD

David Peloquin, JD

Associate, Ropes & Gray LLP

As a member of the health care group, David focuses his practice on advising academic medical centers, life sciences companies, and information technology companies on issues related to human subjects and animal research, data privacy, and Medicare/Medicaid reimbursement issues. He frequently writes and speaks on topics related to these areas, and serves as a community member of the IRB at Partners Healthcare in Boston. He received his law degree from Yale Law School and clerked at the U.S. Court of Appeals for the Eighth Circuit. Before law school, he worked as a project manager for Epic Systems.

Matthew Radcliffe

Matthew Radcliffe

Director, SailPoint Healthcare Vertical

Matthew is responsible for developing, communicating and executing the overall healthcare strategy for the company. Prior to joining SailPoint, he served as the Director of Sales and Marketing for NXP America’s Semiconductor’s Identification business with a focus on EMV & Mobile Payments, Secured Identification Credentials and Contactless Transit Payment Technologies. He also worked for Sentillion and Gemalto.

Tanisha Raiford, JD

Tanisha Raiford, JD

Chief Privacy Officer & Senior Billing Compliance Officer, Weill Cornell Medicine

Tanisha has over 15 years of experience in healthcare operations, privacy, research, compliance, regulatory affairs, quality improvement, and managed care in both physician practices and large academic medical centers. She previously served as Vice President of a Health Care Management firm where she was responsible for compliance, privacy, medical malpractice, internal audit, revenue cycle, and operations. She holds a JD and MPA, with CIPP, CHRC, CHPC, CCEP, CHC and CHPC certifications.

George Reed, MHA

Director of Clinical Engineering, WakeMed

George oversees medical devices lifecycle management, biomedical device integration (BMDI), as well as medical device security. He has 34 years of experience in the Healthcare Technology Management (HTM) field with various roles and experiences. George began his career in the US Army where he was a biomedical trained technician and received an Associates in Biomedical Instrumentation. He then pursued his Bachelors in Organizational Management and Masters in Healthcare Administration.  

Rob Sarkis

Rob Sarkis

CIO, American Hospital Association

Rob brings over 25 years of experience in technology transformation. He is currently the Chief Information Officer at American Hospital Association, a national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. His focus is to deliver innovative, business-enabling IT strategies that form the foundation for long-term strategic business plans, allowing organizations to evolve their business model and compete locally/globally.

Dennis Schmidt, MS, CISSP

Dennis Schmidt, MS, CISSP

Chief Information Security Officer, UNC Chapel Hill

Dennis also serves as the Assistant Vice Chancellor for Information Security and Privacy. He previously served as the HIPAA Security Officer at the UNC School of Medicine. He has over 25 years of experience leading IT teams in academic and military organizations.  He holds a an MS in Computer Science from the Naval Postgraduate School and CISSP certification. He is a retired naval officer with 24 years of service as a pilot of the P-3C Orion antisubmarine warfare aircraft.   

Bill Schultz

Bill Schultz

Security Architect, Vanderbilt University Medical Center

Bill is security architect who has worked in the Information Technology field for over 15 years, with a focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. He has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.

Anurag Shankar, PhD

Anurag Shankar, PhD

Senior Security Analyst, Indiana University

Anurag has nearly 20 years of experience developing, delivering, and managing IU’s central research cyberinfrastructure. He is a member of IU’s Center for Applied Cybersecurity Research and has expertise in regulatory compliance and cybersecurity risk management. He earned his PhD in Astronomy from the University of Illinois at Urbana-Champaign.

Raymond Shelton

Raymond Shelton

HIPAA Security Officer, Mount Sinai Health System

Ray has been involved within the AMC Security & Privacy Conference community for over a decade, as speaker, panel leader and member of the Conference Planning Committee. Ray is a US Navy veteran and alumnus of The University of Missouri at Rolla, and has over twenty years of health care information technology, privacy and security experience.

Jon Sternstein

Jon Sternstein

Principal, Stern Security

Jon is the author of the Cisco Press course titled Security Penetration Testing (The Art of Hacking) Live Lessons. He co-chairs the Privacy and Security Workgroup at NCHICA. Jon graduated with a B.A. in Computer Science and holds many security certifications including: GIAC Penetration Tester, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker. He has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine.

Campbell Tucker

Campbell Tucker

Chief Privacy Officer, Novant Health

Campbell’s responsibilities include management of the Novant privacy program and compliance with HIPAA privacy and other regulatory matters involving information management. Prior to his current role at Novant, he served as chief privacy officer at Wachovia Corporation and at Ally Bank. Campbell has also been a member of the Wachovia Legal Division, and has worked in private practice in North Carolina and Georgia. He received both his undergraduate and law degrees from Duke University

Richard Wyckoff, MS, CISSP

Richard Wyckoff, MS, CISSP

Regional Information Security Officer, University of Vermont Health Network

Rich is the Information Security Officer for the New York affiliates within The University of Vermont Health Network. In his seven year tenure there, Rich has covered topics such as Identity and Access Management, Data Loss Prevention, and Incident Response. He is a founding member of the Data Governance Council within the UVM Health Network. He holds a Master of Science in Information Security and Assurance from Norwich University and is a CISSP.

Time-worthy information presented by respected speakers on the subjects.

—2018 Conference Attendee

Click here to read the session descriptions.