Speakers

Denise Anderson, MBA

Denise Anderson, MBA

President, Health Information Sharing and Analysis Center (H-ISAC)

Denise serves as Chair of the National Council of ISACs. She was recently elected to a 3-year term on the Cyber Working Group Executive Committee for the Health and Public Health Sector Coordinating Council. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.

Holt Anderson, FHIMSS

Holt Anderson, FHIMSS

Principal, Learning Health Strategies

Holt served as the Executive Director of NCHICA from 1995-2014. He continues to serve on the NCHICA Board of Directors. Holt also serves on the Board of Directors for the Learning Health Community and chairs the Policy and Governance Framework Initiative for Learning Health Systems.

Marti Arvin, JD

Marti Arvin, JD

VP of Audit Strategy, CynergisTek

Marti is a well-known healthcare compliance professional with extensive experience and expertise. She has focused her career primarily on compliance issues associated with academic medicine. She has been a chief compliance and privacy officer at four academic medical centers and a for-profit hospital system. She has also served as an expert witness for privacy and information security cases. She earned her law degree from Indiana University and holds CHC-F, CHPC, CCEP-F and CHRC certifications.

Cliff Baker

Cliff Baker

CEO, CORL Technologies

Cliff is a leader in healthcare information technology, privacy and security, with over 20 years of industry experience. He is the founder/CEO of two successful companies that provide information protection services to healthcare organizations including many of the nation’s leading provider, payer and business associate organizations. Cliff also led the creation the HITRUST framework, which is the most broadly adopted healthcare security and privacy framework in the industry. 

TJ Bean

TJ Bean

Director of CyberSecurity, HCA

TJ focuses on Threat Analytics and Intelligence & Response within the HCA Cyber Defense Center. He previously led teams on Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.

James Beeson

James Beeson

Security Architect-Identity & Access Management, The University of Kansas Health System

James has over 20 years of IT experience, with 15 of those years serving in the healthcare industry. He has led several initiatives such as multifactor authentication for remote access, privileged account management, and the overhaul of the Health Systems identity management solution. He holds a BS in Telecommunications Management from DeVry University-Kansas City.

Holly Benton, JD, CHPC

Holly Benton, JD, CHPC

University Privacy Officer, Duke University

Holly and her team facilitate compliance with federal, state and global privacy laws and regulations, manage privacy incident assessments and training, and provide guidance to campus stakeholders on privacy related matters that impact the university. Prior to Duke, Holly was the Interim Chief Privacy Officer at UNC Chapel Hill and practiced commercial litigation and employment law. She earned her JD from the University of Washington School of Law.

Steve Cardinal

CISO, Medical University of South Carolina

Steve is an information security professional with over two decades in the IT industry. He has also served as both VP of Information Technology and HIPAA Security and Privacy Officer for Adheris, Inc. In addition, he has served as Chief Privacy Officer for Adheris’ parent company, inVentiv Health, Inc.

LeahAnn Clemens

LeahAnn Clemens

Senior Information Security Analyst, Mayo Clinic

LeahAnn is responsible for improving the security of medical devices that are used within the Mayo Clinic environment prior to purchase.  Her duties include assessing the vulnerability of medical devices and partnering with vendors and internal staff to improve medical device security. During her 29 year career at Mayo, LeahAnn has worked in the Department of Laboratory Medicine and Pathology, Clinical Trials Research, Information Technology, and Office of Information Security. She received her BS in Business Management from Cardinal Stritch University.

David Clevenger

David Clevenger

Senior Director, Coalfire

David has an active top-secret clearance with over 13 years of experience in technical disciplines such as: information assurance, information systems design, network design/implementation, security management operations, cloud service (IAAS/PAAS/SAAS) and deployment models (Public/Community/Hybrid/Private). He has successfully managed and assessed government and commercial systems with extensive experience in information system security, FedRAMP, FISMA, program/project management oversight, security testing and evaluation, risk assessments, system/network designs review/implementations and has led many testing teams in project delivery.

Jeff Comer

Security Specialist, Sirius

Jeff is a security solutions expert at Sirius with a specialization in Healthcare IT. He has 20 years of experience in helping enterprises develop and maintain proactive security programs. He focuses on tactical strategic data protection plans, and applies his knowledge of core infrastructure security, security program governance, threat and vulnerability management, identify and access management, and application security to enable the improvement of overall security posture.

Stephanie Crabb

Stephanie Crabb

Co-founder & Principal, Immersive

Stephanie is co-founder and principal for Immersive where she leads program and solution development, knowledge management, and customer success. Her 25+ years in healthcare have taken her from medical social work, to public health policy at Georgetown University’s NCEMCH, to the Advisory Board Company, and ultimately into health IT for companies like WebMD, CTG Health Solutions and CynergisTek. Stephanie holds her AB and AM from the University of Chicago. She serves on AHIMA’s Privacy and Security Practice Council, has served on the faculty of regional and national AHIMA, HIMSS, AHIA, HCCA and NCHICA conferences.

Emily Crabbe, JD

Emily Crabbe, JD

Investigator, HHS Office for Civil Rights

Emily’s investigative caseload has become focused on information security and data breaches. She functions as the office specialist for cases relating to the HIPAA Security Rule and for breaches that result in financial penalties. Before starting at HHS/OCR, she worked as a staff attorney at a clinical toxicology laboratory. She earned her law degree from Atlanta’s John Marshall Law School.

Kirk Davis

Kirk Davis

Director of Information Security and Network Engineering, Vidant Health

Kirk has contributed his unique personality and perspective to drive excellence and innovation at startups and Fortune 100 companies alike. In 2015, he received The Center for Digital Government’s, ‘Cybersecurity Leadership and Innovation Award”, and holds numerous professional certifications including CISSP, CISM, CGEIT, CRISC. His extensive career spans healthcare, manufacturing, telecom, banking and client advisory services. Kirk says his formula is simple, “Inspire your teams to feel dignified and passionate about what they bring to the table. If you can swing that, success always finds a way to sneak up on all of you.”

Erik Decker

Erik Decker

Chief Security & Privacy Officer, University of Chicago Medicine

Erik has 18 years of experience within Information Technology, with 12 years focused on Information Security. The majority of his career has been focused on Academic Medical Centers, establishing two information security programs and an identity and access management program. He co-leads a Department of Health and Human Services Task Group charged with implementing the Cybersecurity Act of 2015 Section 405(d) in the healthcare sector. The Task Group recently published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. He earned his MS in Information Technology from Loyola University in Chicago and BS in in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.

Stephen Dunkle

Stephen Dunkle

Chief Information Security Officer, Geisinger Health System

Steve is the enterprise Chief Information Security Officer at Geisinger, including the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and Keystone Health Information Exchange. He has over 35 years of experience in the information and physical security field. His professional tenure includes senior security leadership positions at Dow Corning Corporation, American Fidelity Assurance, Fleming/Core-Mark, Sallie Mae, Publix Super Markets, The Mosaic Company, and others. He specializes in cybersecurity program development and IT risk management. 

Shelly Epps

Shelly Epps

Information Security Analyst, Duke Health

Shelly has extensive experience in research security, security contract control negotiations, risk assessment and public speaking. She is certified as a Healthcare Information Security and Privacy Practitioner (HCISPP). She currently is the Program Lead for Security Outreach and Education at Duke Health. She works closely with the other authors to triage and assess risks for research security.

Ed Hammond, PhD

Ed Hammond, PhD

Director, Duke Center for Health Informatics

Ed also serves as Director of Applied Informatics Research at Duke Health Technology Solutions and Director of Academic Affairs for MMCi. He received his PhD from Duke University in 1967 and has served on the Duke faculty since then. He is Chair Emeritus of HL7 and serves on the NCHICA Board of Directors.

Jerry Hare

Manager for Security Operations & Engineering, Vidant Health

Jerry started his security career in the United States Air Force’s Cyber Operations. He later transitioned to consulting, and founded O’Hare Solutions. At O’Hare, Jerry built a cybersecurity services practice, with a team specializing in McAfee professional services, servicing customers in federal government, finance, manufacturing, telco, healthcare, and insurance across the US, Europe, and Asia.

Shay Hassidim

Shay Hassidim

Chief Technology Officer, sema4

Shay has more than 20 years of experience in technical management and leadership. He has been involved with large scale projects in different verticals including financial services, telecom, healthcare, e-commerce, travel, logistics and homeland security. Prior to joining Sema4, he worked for GigaSpaces Technologies, Versant and Sirius Technologies. He holds a BSC in Electrical and Computer Engineering from Ben-Gurion University of the Negev.

Susan Hayden, JD

Susan Hayden, JD

Director of Research Program Collaborations, Duke University School of Medicine

Susan is a Director in the Duke Office of Research Contracts and manages a team who oversees negotiation for research contracts across a broad landscape. She works closely with the other authors to triage and assess risks for research security using an in-house developed tool that allows for centralized engagement from multiple offices as well as transparency to the contract owner.

Rosemary  Herhold

Rosemary Herhold

Director of Information Security, Duke Health

Rosemary oversees a staff of 20 professionals dedicated to risk management, compliance and security applications and architecture. Her healthcare IT focus started at Ernst Young and Packer Thomas & Co. At Duke, Rosemary was instrumental in implementing a formal risk assessment process, IT monitoring and compliance program and developing business cases for security improvements. She is a CPA, CISSP and CISA.

David Holtzman, JD, CIPP

David Holtzman, JD, CIPP

VP for Compliance Strategies, CynergisTek

David is considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules. Prior to CynergisTek, he served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives including the effort to integrate the administration and enforcement of the HIPAA Security Rule, and health information technology policies. He earned his law degree from Western New England College of Law.

Chuck Kesler

Chuck Kesler

CISO, Pendo.io

Chuck has over 30 years of IT and information security experience. Prior to joining Pendo.io in late 2018, he served as CISO for Duke Health for seven years. His prior experience also includes serving as the senior manager for Symantec’s Security Advisory Services consulting practice in the US. Chuck received an MBA and B.S. in Physics from NC State University, and has multiple industry certifications, including CISSP, CISM, PMP, and ITIL. He is also a graduate of Carnegie Mellon’s CISO Certificate Program.

Jeff Kramer

CTO, MD Interconnect, Inc.

Jeff leads all Technology and Product Development at MD Interconnect, where he has been since February of 2016. He is an accomplished senior technology executive with significant experience in both Fortune1000 and startup environments. He began his career with IBM for 15 years and has continued his work in venture capital-backed companies with multiple successful exits. He earned a B.S. in Computer Science and Mathematics from North Dakota State University.

Chris Lloyd

Chief Technology Officer, Oxford Computer Group

Chris is responsible for helping enterprise clients architect and implement business–focused identity management infrastructure. His clients include large healthcare institutions, financial institutions, and universities. He is a recognized expert on Microsoft’s identity and security offerings, including Azure Active Directory, Microsoft Intune, Azure Rights Management Services (Azure RMS), and Microsoft Identity Manager (MIM). Chris frequently advises Chief Security Officers on the best way to leverage their investments in Microsoft identity and security offerings. He is a former Marine and veteran of Operation Enduring Freedom.

Dina Marty

Senior Counsel, Wake Forest University Baptist Medical Center

Since 2002, Dina has served as primary counsel for privacy and security matters at Wake Forest University Baptist Medical Center and Wake Forest University. She chairs the University’s Information Technology Security Advisory Committee and serves as a founding member of the Medical Center’s Privacy and Security Council. Her responsibilities include: providing ongoing support for the review, investigation, and possible reporting of alleged privacy and security incidents; and collaborating extensively with the Medical Center’s Compliance Department, Privacy Office and Office of Research on key matters involving HIPAA and GDPR compliance, including authoring business associate agreements, policies and procedures, and employee training.

Bryan McGowan

Bryan McGowan

Security Practice Director, Burwood Group

Bryan provides advisory and technical security consulting services to clients with regulatory, legal and compliance needs. He has over 20 years of experience in security, previously working for SecurityStudio, FRSecure LLC, Bloom Health and Lifetouch. He earned his BS in Computer Science from North Dakota State University and holds CISPP certification.

Emily Mengel

Emily Mengel

Biomedical Engineer II, WakeMed

Emily has been in the Healthcare Technology Management field for two years. In 2011, she received her BS in Biological Engineering from Mississippi State University, and in 2017, she received her MS in Biomedical Engineering jointly from North Carolina State University and The University of North Carolina at Chapel Hill. Her areas of interest in the Healthcare Technology Management field include Clinical Alarm Management, Cybersecurity, and Medical Device Integration.

Ken Mortensen, JD

Data Protection Officer, InterSystems

An attorney and engineer, Ken is a privacy/security professional with over 20 years legal/30 years IT experience. During the Bush Administration, he served as Associate Deputy AG for Privacy and Civil Liberties at DOJ and DHS’s first Deputy CPO. He also served as CPO for CVS Health and Boston Scientific, had his own law firm, was the Pennsylvania AG’s special counsel for cyber, and taught at Villanova Law. He served on IAPP’s board and is the privacy expert on TSA’s Aviation Security Advisory Committee. 

Peter Nelson

Peter Nelson

Cyber Security Engineer, Stern Security

Peter started his IT career in System Administration and Security for Coastal Federal Credit Union. He moved from there to a Cyber Security Engineer role at WakeMed. He currently works for Stern Security, helping a wide range of customers across industries identify and address key security issues and plan for the future.

Alex Nisenbaum, JD

Alex Nisenbaum, JD

Associate, Pepper Hamilton LLP

Alex’s practice is focused on technology transaction and data privacy and security matters. He aadvises clients on data privacy and information security laws and regulations, including compliance with HIPAA, Gramm-Leach-Bliley, US/EU Privacy Shield, state data protection and breach notification requirements, and development and implementation of data protection policies and “best practices.” He is certified as an information privacy professional (CIPP/US & CIPP/E) by the International Association of Privacy Professionals.

Lee Olson, CISSP, CISM

Lee Olson, CISSP, CISM

Principal Analyst, Mayo Clinic

Lee works in Mayo Clinic’s information security group with primary responsibilities in the areas of policy and identity and access management. He has over 35 years of general experience in the information security field and previously worked for the Defense Investigative Service as an industrial security specialist and regional computer security specialist.

Karen Pagliaro-Meyer, CHC, CHPC

Karen Pagliaro-Meyer, CHC, CHPC

Chief Privacy Officer, Columbia University Medical Center

Karen has over 25 years of experience in healthcare privacy, research, compliance, regulatory affairs, safety and quality improvement at large academic medical centers. She previously served as Director of Corporate Compliance & Privacy Officer at New York-Presbyterian Hospital.

David Peloquin, JD

David Peloquin, JD

Associate, Ropes & Gray LLP

As a member of the health care group, David focuses his practice on advising academic medical centers, life sciences companies, and information technology companies on issues related to human subjects and animal research, data privacy, and Medicare/Medicaid reimbursement issues. He frequently writes and speaks on topics related to these areas, and serves as a community member of the IRB at Partners Healthcare in Boston. He received his law degree from Yale Law School and clerked at the U.S. Court of Appeals for the Eighth Circuit. Before law school, he worked as a project manager for Epic Systems.

Tanisha Raiford, JD

Tanisha Raiford, JD

Chief Privacy Officer & Senior Billing Compliance Officer, Weill Cornell Medicine

Tanisha has over 15 years of experience in healthcare operations, privacy, research, compliance, regulatory affairs, quality improvement, and managed care in both physician practices and large academic medical centers. She previously served as Vice President of a Health Care Management firm where she was responsible for compliance, privacy, medical malpractice, internal audit, revenue cycle, and operations. She holds a JD and MPA, with CIPP, CHRC, CHPC, CCEP, CHC and CHPC certifications.

George Reed, MHA

Director of Clinical Engineering, WakeMed

George oversees medical devices lifecycle management, biomedical device integration (BMDI), as well as medical device security. He has 34 years of experience in the Healthcare Technology Management (HTM) field with various roles and experiences. George began his career in the US Army where he was a biomedical trained technician and received an Associates in Biomedical Instrumentation. He then pursued his Bachelors in Organizational Management and Masters in Healthcare Administration.  

Rob Sarkis

Rob Sarkis

CIO, American Hospital Association

Rob brings over 25 years of experience in technology transformation. He is currently the Chief Information Officer at American Hospital Association, a national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. His focus is to deliver innovative, business-enabling IT strategies that form the foundation for long-term strategic business plans, allowing organizations to evolve their business model and compete locally/globally.

Bill Schultz

Bill Schultz

Security Architect, Vanderbilt University Medical Center

Bill is security architect who has worked in the Information Technology field for over 15 years, with a focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. He has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.

Anurag Shankar, PhD

Anurag Shankar, PhD

Senior Security Analyst, Indiana University

Anurag has nearly 20 years of experience developing, delivering, and managing IU’s central research cyberinfrastructure. He is a member of IU’s Center for Applied Cybersecurity Research and has expertise in regulatory compliance and cybersecurity risk management. He earned his PhD in Astronomy from the University of Illinois at Urbana-Champaign.

Raymond Shelton

Raymond Shelton

HIPAA Security Officer, Mount Sinai Health System

Ray has been involved within the AMC Security & Privacy Conference community for over a decade, as speaker, panel leader and member of the Conference Planning Committee. Ray is a US Navy veteran and alumnus of The University of Missouri at Rolla, and has over twenty years of health care information technology, privacy and security experience.

Jon Sternstein

Jon Sternstein

Principal, Stern Security

Jon is the author of the Cisco Press course titled Security Penetration Testing (The Art of Hacking) Live Lessons. He co-chairs the Privacy and Security Workgroup at NCHICA. Jon graduated with a B.A. in Computer Science and holds many security certifications including: GIAC Penetration Tester, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker. He has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine.

Time-worthy information presented by respected speakers on the subjects.

—2018 Conference Attendee

Click here to read the session descriptions.