Denise Anderson, MBA
President, Health Information Sharing and Analysis Center (H-ISAC)
Denise serves as Chair of the National Council of ISACs. She was recently elected to a 3-year term on the Cyber Working Group Executive Committee for the Health and Public Health Sector Coordinating Council. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.
Holt Anderson, FHIMSS
Principal, Learning Health Strategies
Holt served as the Executive Director of NCHICA from 1995-2014. He continues to serve on the NCHICA Board of Directors. Holt also serves on the Board of Directors for the Learning Health Community and chairs the Policy and Governance Framework Initiative for Learning Health Systems.
Marti Arvin, JD
VP of Audit Strategy, CynergisTek
Marti is a well-known healthcare compliance professional with extensive experience and expertise. She has focused her career primarily on compliance issues associated with academic medicine. She has been a chief compliance and privacy officer at four academic medical centers and a for-profit hospital system. She has also served as an expert witness for privacy and information security cases. She earned her law degree from Indiana University and holds CHC-F, CHPC, CCEP-F and CHRC certifications.
IT Director & CISO, Saint Peter's Healthcare System
Robert has over 35 years of experience in manufacturing, financial and healthcare technology. As CISO, he oversees information security efforts around regulatory and audit compliance, policy development, technology risk mitigation, vulnerability management and administering the information security program at St. Peter’s. He holds MS degrees in business and technology management, and has earned CISA and CISM certifications.
CEO, CORL Technologies
Cliff is a leader in healthcare information technology, privacy and security, with over 20 years of industry experience. He is the founder/CEO of two successful companies that provide information protection services to healthcare organizations including many of the nation’s leading provider, payer and business associate organizations. Cliff also led the creation the HITRUST framework, which is the most broadly adopted healthcare security and privacy framework in the industry.
Director of CyberSecurity, HCA
TJ focuses on Threat Analytics and Intelligence & Response within the HCA Cyber Defense Center. He previously led teams on Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.
Security Architect-Identity & Access Management, The University of Kansas Health System
James has over 20 years of IT experience, with 15 of those years serving in the healthcare industry. He has led several initiatives such as multifactor authentication for remote access, privileged account management, and the overhaul of the Health Systems identity management solution. He holds a BS in Telecommunications Management from DeVry University-Kansas City.
David Behinfar, JD
Chief Privacy Officer, UNC Health Care System
David has held senior privacy positions over the last 17 years at several universities and academic medical centers including Stanford University, the University of Wisconsin-Madison and the University of Florida. He also spent six years as an associate attorney with substantial time spent representing clients in health care transactional and regulatory matters. David received his LLM in Health Law from DePaul University School of Law, and JD from the Southern Methodist University School of Law. He holds has numerous professional certifications in information privacy and security and frequently speaks at conferences on data privacy.
Holly Benton, JD, CHPC
University Privacy Officer, Duke University
Holly and her team facilitate compliance with federal, state and global privacy laws and regulations, manage privacy incident assessments and training, and provide guidance to campus stakeholders on privacy related matters that impact the university. Prior to Duke, Holly was the Interim Chief Privacy Officer at UNC Chapel Hill and practiced commercial litigation and employment law. She earned her JD from the University of Washington School of Law.
President & CEO, ComplyAssistant
Gerry brings over 35 years of experience in healthcare IT. Prior to ComplyAssistant, he was the Chief Information Security Officer for a major healthcare system in New Jersey, where he built the HIPAA Privacy and Security programs and chaired their multidisciplinary governance team. In 2002 Gerry founded ComplyAssistant to provide software and service solutions for HIPAA and IT strategic planning. He currently chairs the NJ HIMSS Privacy, Security and Compliance Committee.
Manager, Security Technology, Medical University of South Carolina
Steven is an information security professional with over two decades of experience in the IT industry. He served as both VP of Information Technology and HIPAA Security and Privacy Officer for Adheris, Inc. He also served as Chief Privacy Officer for Adheris’ parent company, inVentiv Health, Inc. He holds CISSP, GSTRT, GSNA, GCIH, and CCNA certifications.
Senior Information Security Analyst, Mayo Clinic
LeahAnn is responsible for improving the security of medical devices that are used within the Mayo Clinic environment prior to purchase. Her duties include assessing the vulnerability of medical devices and partnering with vendors and internal staff to improve medical device security. During her 29 year career at Mayo, LeahAnn has worked in the Department of Laboratory Medicine and Pathology, Clinical Trials Research, Information Technology, and Office of Information Security. She received her BS in Business Management from Cardinal Stritch University.
Senior Director, Coalfire
David has an active top-secret clearance with over 13 years of experience in technical disciplines such as: information assurance, information systems design, network design/implementation, security management operations, cloud service (IAAS/PAAS/SAAS) and deployment models (Public/Community/Hybrid/Private). He has successfully managed and assessed government and commercial systems with extensive experience in information system security, FedRAMP, FISMA, program/project management oversight, security testing and evaluation, risk assessments, system/network designs review/implementations and has led many testing teams in project delivery.
Co-founder & Principal, Immersive
Stephanie is co-founder and principal for Immersive where she leads program and solution development, knowledge management, and customer success. Her 25+ years in healthcare have taken her from medical social work, to public health policy at Georgetown University’s NCEMCH, to the Advisory Board Company, and ultimately into health IT for companies like WebMD, CTG Health Solutions and CynergisTek. Stephanie holds her AB and AM from the University of Chicago. She serves on AHIMA’s Privacy and Security Practice Council, has served on the faculty of regional and national AHIMA, HIMSS, AHIA, HCCA and NCHICA conferences.
Emily Crabbe, JD
Investigator, HHS Office for Civil Rights
Emily’s investigative caseload has become focused on information security and data breaches. She functions as the office specialist for cases relating to the HIPAA Security Rule and for breaches that result in financial penalties. Before starting at HHS/OCR, she worked as a staff attorney at a clinical toxicology laboratory. She earned her law degree from Atlanta’s John Marshall Law School.
Director of Information Security and Network Engineering, Vidant Health
Kirk has contributed his unique personality and perspective to drive excellence and innovation at startups and Fortune 100 companies alike. In 2015, he received The Center for Digital Government’s, ‘Cybersecurity Leadership and Innovation Award”, and holds numerous professional certifications including CISSP, CISM, CGEIT, CRISC. His extensive career spans healthcare, manufacturing, telecom, banking and client advisory services. Kirk says his formula is simple, “Inspire your teams to feel dignified and passionate about what they bring to the table. If you can swing that, success always finds a way to sneak up on all of you.”
Chief Security & Privacy Officer, University of Chicago Medicine
Erik has 18 years of experience within Information Technology, with 12 years focused on Information Security. The majority of his career has been focused on Academic Medical Centers, establishing two information security programs and an identity and access management program. He co-leads a Department of Health and Human Services Task Group charged with implementing the Cybersecurity Act of 2015 Section 405(d) in the healthcare sector. The Task Group recently published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. He earned his MS in Information Technology from Loyola University in Chicago and BS in in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.
Chief Information Security Officer, Geisinger Health System
Steve is the enterprise Chief Information Security Officer at Geisinger, including the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and Keystone Health Information Exchange. He has over 35 years of experience in the information and physical security field. His professional tenure includes senior security leadership positions at Dow Corning Corporation, American Fidelity Assurance, Fleming/Core-Mark, Sallie Mae, Publix Super Markets, The Mosaic Company, and others. He specializes in cybersecurity program development and IT risk management.
Information Security Analyst, Duke Health
Shelly has extensive experience in research security, security contract control negotiations, risk assessment and public speaking. She is certified as a Healthcare Information Security and Privacy Practitioner (HCISPP). She currently is the Program Lead for Security Outreach and Education at Duke Health. She works closely with the other authors to triage and assess risks for research security.
Katherine Georger, JD
Associate Compliance Officer & Director of Privacy
Katherine directs the privacy compliance activities of the Duke University Health System Compliance Program, including the School of Medicine, School of Nursing and Duke Clinical Research Institute. Prior to joining Duke Health, Katherine served as the HIPAA Privacy Officer for the University of Arizona, the Chief Privacy Officer and Director of Regulatory Services for WPS Health Solutions and the Privacy Program Manager for Stanford University’s covered-entity components and group health plans. She also spent more than five years working as an associate attorney in private practice advising clients on a variety of health care transactional and regulatory matters.
Ed Hammond, PhD
Director, Duke Center for Health Informatics
Ed also serves as Director of Applied Informatics Research at Duke Health Technology Solutions and Director of Academic Affairs for MMCi. He received his PhD from Duke University in 1967 and has served on the Duke faculty since then. He is Chair Emeritus of HL7 and serves on the NCHICA Board of Directors.
Manager for Security Operations & Engineering, Vidant Health
Jerry started his security career in the United States Air Force’s Cyber Operations and transitioned to consulting where he founded O’Hare Solutions. At O’Hare, Jerry built a cybersecurity services practice, with a team specializing in McAfee professional services, servicing customers in federal government, finance, manufacturing, telco, healthcare, and insurance across the US, Europe, and Asia.
Chief Technology Officer, sema4
Shay has more than 20 years of experience in technical management and leadership. He has been involved with large scale projects in different verticals including financial services, telecom, healthcare, e-commerce, travel, logistics and homeland security. Prior to joining Sema4, he worked for GigaSpaces Technologies, Versant and Sirius Technologies. He holds a BSC in Electrical and Computer Engineering from Ben-Gurion University of the Negev.
Susan Hayden, JD
Director of Research Program Collaborations, Duke University School of Medicine
Susan is a Director in the Duke Office of Research Contracts and manages a team who oversees negotiation for research contracts across a broad landscape. She works closely with the other authors to triage and assess risks for research security using an in-house developed tool that allows for centralized engagement from multiple offices as well as transparency to the contract owner.
Director of Information Security, Duke Health
Rosemary oversees a staff of 20 professionals dedicated to risk management, compliance and security applications and architecture. Her healthcare IT focus started at Ernst Young and Packer Thomas & Co. At Duke, Rosemary was instrumental in implementing a formal risk assessment process, IT monitoring and compliance program and developing business cases for security improvements. She is a CPA, CISSP and CISA.
David Holtzman, JD, CIPP
VP for Compliance Strategies, CynergisTek
Chuck has over 30 years of IT and information security experience. Prior to joining Pendo.io in late 2018, he served as CISO for Duke Health for seven years. His prior experience also includes serving as the senior manager for Symantec’s Security Advisory Services consulting practice in the US. Chuck received an MBA and B.S. in Physics from NC State University, and has multiple industry certifications, including CISSP, CISM, PMP, and ITIL. He is also a graduate of Carnegie Mellon’s CISO Certificate Program.
CTO, MD Interconnect, Inc.
Jeff leads all Technology and Product Development at MD Interconnect, where he has been since February of 2016. He is an accomplished senior technology executive with significant experience in both Fortune1000 and startup environments. He began his career with IBM for 15 years and has continued his work in venture capital-backed companies with multiple successful exits. He earned a B.S. in Computer Science and Mathematics from North Dakota State University.
Identity and Access Management Security Engineer, Integris Health
James has over 30 years of IT experience, the last 22 in healthcare. In 2012, he became one of the founding members of Integris’ Identity and Access Management team. As a member of the team, he has helped implement such initiatives as company-wide access certification, integration of PeopleSoft and MIM to provision AD and Exchange accounts, and automated non-employee onboarding utilizing PeopleSoft. He holds a BS in Computer Science from the University of Central Oklahoma.
Chief Information Security Officer, Wellforce
Wellforce is a Tufts University-affiliated healthcare system which includes a major academic medical and research center. Taylor was a Director with PwC’s consulting arm and has held CISO, CIO, and VP roles at large international banks, health insurance companies, and health technology companies over the course of his career. He is one of the co-founders of the Provider Third Party Risk Management Council and is an active member of HITRUST and H-ISAC organizations.
Employee Health & Risk Management Coordinator, Transitions LifeCare
Allie’s career began as a Pediatric Critical Care Nurse at WakeMed. Her interest in technology, data analytics and quality improvement led to multiple leadership roles in system implementations across the hospital and also to a Masters in Health Informatics and Information Management from East Carolina University. She previously served as an Administration Specialist to the SVP and CNO at WakeMed and led the WakeMed Nursing Informatics Council.
Chief Technology Officer, Oxford Computer Group
Chris is responsible for helping enterprise clients architect and implement business–focused identity management infrastructure. His clients include large healthcare institutions, financial institutions, and universities. He is a recognized expert on Microsoft’s identity and security offerings, including Azure Active Directory, Microsoft Intune, Azure Rights Management Services (Azure RMS), and Microsoft Identity Manager (MIM). Chris frequently advises Chief Security Officers on the best way to leverage their investments in Microsoft identity and security offerings. He is a former Marine and veteran of Operation Enduring Freedom.
Senior Counsel, Wake Forest University Baptist Medical Center
Since 2002, Dina has served as primary counsel for privacy and security matters at Wake Forest University Baptist Medical Center and Wake Forest University. She chairs the University’s Information Technology Security Advisory Committee and serves as a founding member of the Medical Center’s Privacy and Security Council. Her responsibilities include: providing ongoing support for the review, investigation, and possible reporting of alleged privacy and security incidents; and collaborating extensively with the Medical Center’s Compliance Department, Privacy Office and Office of Research on key matters involving HIPAA and GDPR compliance, including authoring business associate agreements, policies and procedures, and employee training.
Security Practice Director, Burwood Group
Bryan provides advisory and technical security consulting services to clients with regulatory, legal and compliance needs. He has over 20 years of experience in security, previously working for SecurityStudio, FRSecure LLC, Bloom Health and Lifetouch. He earned his BS in Computer Science from North Dakota State University and holds CISPP certification.
Biomedical Engineer II, WakeMed
Emily has been in the Healthcare Technology Management field for two years. In 2011, she received her BS in Biological Engineering from Mississippi State University, and in 2017, she received her MS in Biomedical Engineering jointly from North Carolina State University and The University of North Carolina at Chapel Hill. Her areas of interest in the Healthcare Technology Management field include Clinical Alarm Management, Cybersecurity, and Medical Device Integration.
Ken Mortensen, JD
Data Protection Officer, InterSystems
An attorney and engineer, Ken is a privacy/security professional with over 20 years legal/30 years IT experience. During the Bush Administration, he served as Associate Deputy AG for Privacy and Civil Liberties at DOJ and DHS’s first Deputy CPO. He also served as CPO for CVS Health and Boston Scientific, had his own law firm, was the Pennsylvania AG’s special counsel for cyber, and taught at Villanova Law. He served on IAPP’s board and is the privacy expert on TSA’s Aviation Security Advisory Committee.
Cyber Security Engineer, Stern Security
Peter started his IT career in System Administration and Security for Coastal Federal Credit Union. He moved from there to a Cyber Security Engineer role at WakeMed. He currently works for Stern Security, helping a wide range of customers across industries identify and address key security issues and plan for the future.
Alex Nisenbaum, JD
Associate, Pepper Hamilton LLP
Alex’s practice is focused on technology transaction and data privacy and security matters. He aadvises clients on data privacy and information security laws and regulations, including compliance with HIPAA, Gramm-Leach-Bliley, US/EU Privacy Shield, state data protection and breach notification requirements, and development and implementation of data protection policies and “best practices.” He is certified as an information privacy professional (CIPP/US & CIPP/E) by the International Association of Privacy Professionals.
Lee Olson, CISSP, CISM
Principal Analyst, Mayo Clinic
Lee works in Mayo Clinic’s information security group with primary responsibilities in the areas of policy and identity and access management. He has over 35 years of general experience in the information security field and previously worked for the Defense Investigative Service as an industrial security specialist and regional computer security specialist.
Karen Pagliaro-Meyer, CHC, CHPC
Chief Privacy Officer, Columbia University Medical Center
Karen has over 25 years of experience in healthcare privacy, research, compliance, regulatory affairs, safety and quality improvement at large academic medical centers. She previously served as Director of Corporate Compliance & Privacy Officer at New York-Presbyterian Hospital.
David Peloquin, JD
Associate, Ropes & Gray LLP
As a member of the health care group, David focuses his practice on advising academic medical centers, life sciences companies, and information technology companies on issues related to human subjects and animal research, data privacy, and Medicare/Medicaid reimbursement issues. He frequently writes and speaks on topics related to these areas, and serves as a community member of the IRB at Partners Healthcare in Boston. He received his law degree from Yale Law School and clerked at the U.S. Court of Appeals for the Eighth Circuit. Before law school, he worked as a project manager for Epic Systems.
Director, SailPoint Healthcare Vertical
Matthew is responsible for developing, communicating and executing the overall healthcare strategy for the company. Prior to joining SailPoint, he served as the Director of Sales and Marketing for NXP America’s Semiconductor’s Identification business with a focus on EMV & Mobile Payments, Secured Identification Credentials and Contactless Transit Payment Technologies. He also worked for Sentillion and Gemalto.
Tanisha Raiford, JD
Chief Privacy Officer & Senior Billing Compliance Officer, Weill Cornell Medicine
Tanisha has over 15 years of experience in healthcare operations, privacy, research, compliance, regulatory affairs, quality improvement, and managed care in both physician practices and large academic medical centers. She previously served as Vice President of a Health Care Management firm where she was responsible for compliance, privacy, medical malpractice, internal audit, revenue cycle, and operations. She holds a JD and MPA, with CIPP, CHRC, CHPC, CCEP, CHC and CHPC certifications.
George Reed, MHA
Director of Clinical Engineering, WakeMed
George oversees medical devices lifecycle management, biomedical device integration (BMDI), as well as medical device security. He has 34 years of experience in the Healthcare Technology Management (HTM) field with various roles and experiences. George began his career in the US Army where he was a biomedical trained technician and received an Associates in Biomedical Instrumentation. He then pursued his Bachelors in Organizational Management and Masters in Healthcare Administration.
CIO, American Hospital Association
Rob brings over 25 years of experience in technology transformation. He is currently the Chief Information Officer at American Hospital Association, a national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. His focus is to deliver innovative, business-enabling IT strategies that form the foundation for long-term strategic business plans, allowing organizations to evolve their business model and compete locally/globally.
Dennis Schmidt, MS, CISSP
Chief Information Security Officer, UNC Chapel Hill
Dennis also serves as the Assistant Vice Chancellor for Information Security and Privacy. He previously served as the HIPAA Security Officer at the UNC School of Medicine. He has over 25 years of experience leading IT teams in academic and military organizations. He holds a an MS in Computer Science from the Naval Postgraduate School and CISSP certification. He is a retired naval officer with 24 years of service as a pilot of the P-3C Orion antisubmarine warfare aircraft.
Security Architect, Vanderbilt University Medical Center
Bill is security architect who has worked in the Information Technology field for over 15 years, with a focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. He has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.
Anurag Shankar, PhD
Senior Security Analyst, Indiana University
Anurag has nearly 20 years of experience developing, delivering, and managing IU’s central research cyberinfrastructure. He is a member of IU’s Center for Applied Cybersecurity Research and has expertise in regulatory compliance and cybersecurity risk management. He earned his PhD in Astronomy from the University of Illinois at Urbana-Champaign.
HIPAA Security Officer, Mount Sinai Health System
Ray has been involved within the AMC Security & Privacy Conference community for over a decade, as speaker, panel leader and member of the Conference Planning Committee. Ray is a US Navy veteran and alumnus of The University of Missouri at Rolla, and has over twenty years of health care information technology, privacy and security experience.
Principal, Stern Security
Jon is the author of the Cisco Press course titled Security Penetration Testing (The Art of Hacking) Live Lessons. He co-chairs the Privacy and Security Workgroup at NCHICA. Jon graduated with a B.A. in Computer Science and holds many security certifications including: GIAC Penetration Tester, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker. He has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine.
Richard Wyckoff, MS, CISSP
Regional Information Security Officer, University of Vermont Health Network
Rich is the Information Security Officer for the New York affiliates within The University of Vermont Health Network. In his seven year tenure there, Rich has covered topics such as Identity and Access Management, Data Loss Prevention, and Incident Response. He is a founding member of the Data Governance Council within the UVM Health Network. He holds a Master of Science in Information Security and Assurance from Norwich University and is a CISSP.
Click here to read the session descriptions.