Information Security Manager

Atlanta, Georgia, United States
134k per yr
May 10, 2019


O’Dell Covington, M.S.A.

**** ********** **** *****, ***** Mountain, GA 30087

C 678-***-****


Demonstrated leadership and 20+ years' experience in healthcare and regulatory compliance. Experience in the development, implementation, and expansion of an effective, comprehensive compliance, ethics, and risk program, with a keen understanding of applicable laws, regulations, industry standards, and related compliance issues within large, complex academic institutions, acute care organizations, outpatient, ambulatory, hospice, pharmacies, dental organizations, and post-acute care facilities. Specializing in: HIPAA Privacy and Security, Title 42 Confidentiality Regulations, GA state laws for the protection of medical records and privacy rights. Release of Information. Auditing: Appropriate Access, Appropriate Provision of Patient Privacy Rights, Termination Procedures. Regulatory Compliance including STARK, Anti-Kickback, FWA, and False Claims Act.

Critical Skills

Possess experience collaborating with Information Security and Privacy Officers and team members in order to assure compliance with federal and state privacy regulations, including GLBA, HIPAA, HITRUST, HITECH, OCR, OIG, CMS, HHS, NIST, NIST SP 800-53 controls, Privacy, Security, HIPAA-HITECH, PCI, HITRUST, ISO 27001, and SOX, etc.

Capability to apply privacy investigation and data collection techniques gained from prior knowledge and infer appropriately to ongoing investigations.

Aptitude to confidently defend conclusions made regarding investigation plan prioritization and related decisions based upon knowledge of privacy investigations.

Understanding of dual role of data collected for legal decision making and metrics/reporting purposes and capability to articulate both types of consequences for missing data elements to responsible parties based upon both legal and data knowledge. Ability to respond to urgent pressing matters with deadlines.

Experience in Risk Assessment, audit, and IT security assessments. Familiar with healthcare and financial compliance regulations and IT and security frameworks and standards.

Communicates openly, clearly, and completely (including excellent written skills). Adapts quickly to evolving internal and business policies and procedures. Demonstrated excellence in conducting in-depth research and analysis regarding a broad range of issues. Demonstrated ability to manage multiple complex initiatives in a self-directed manner. Demonstrated ability to communicate effectively with broad spectrum of business segment personnel and senior leadership.

Responsible for leading investigative process for privacy incidents within the Corporate function. Responsible for the creation and delivery of training related to incident management. Coordinates communication, engages resources including Business Unit Attorneys, Business Unit Compliance Teams, Information Security and Risk Management, Human Resources and others as appropriate, tracks progress of incidents and investigations, and facilitates resolution.

Provide guidance on securing Bio-Medical devices, other state privacy and security laws. Assess and communicate security risks associated with all purchases/practices performed by the company. Interpret and assist with implementation of information security and compliance/regulatory policies, standards, and other requirements.

Write and deliver reports detailing the findings, and provide recommendations to help the customer meet information security and compliance standards.

Develop and communicate security/audit strategies, solutions, and plans to client’s executive team, staff, and stakeholders.

Proven experience planning, executing, and managing a variety of regulatory, investigative, and educational-based projects as an integral member of privacy and information security program. Demonstrated experience preparing training materials and conducting education or training sessions throughout the organization.

Professional Certifications



WAUKEE, IA 50263 (Issued 4/29/19; Expires 4/29/2022)

Certified Professional Compliance Officer (CPCO)


2233 South Presidents Drive

Salt Lake City, UT 84120 (Testing date 11/2019)

Education Completed

Master of Science, Healthcare / Administration, Central Michigan University, Mt Pleasant, MI

Bachelor of Science, Lander College, Greenwood, SC

Associate of Science, Piedmont Technical College, Greenwood, SC


Certificate of Attendance

University of Alabama at Birmingham, School of Health Professions – ONC Value Based Care

Certificates of training:

Health Care Statistics and Reports, Management Objectives/Fundamentals, Continuous Quality Improvement, QI Methods for a Health Care Setting, Managing Multiple Projects, Project Management, Fundamentals of Business Writing, Delivering Winning Presentations, Microsoft Word, Excel, Access, and PowerPoint, Utilization Review and in Case Management, ICD 9 CM Coding, Advance ICD 9 CM Coding, CPT 4 Coding, and Advance CPT 4 Coding. Crystal Reporting, Business Intelligence, SQL, HIPAA, Meaningful Use, and EHR.


Healthcare Compliance Manager, 2017 to present

Konica Minolta Business Solutions, Atlanta, GA

Responsible for the development and implementation of Konica Minolta’s Privacy Program in compliance with state and federal privacy laws. Includes policies, procedures, training and education, complaint and incident investigation, auditing and monitoring. Review all contractual agreements and obtain business associate agreements when required.

Serving as the vCCO for such agencies as Pharmacies, Hospice, Acute Care, Post-Acute Care, Dental, Commercial Insurance companies, and Physician Practices. Providing customer-facing technical leadership on IT risk assessment, HIPAA, Privacy and Information Security.

Complete semi-annual compliance reviews and inspections to determine the level of compliance with federal, state, and local laws, regulations and ordinances related to the agency practice. Work with the staff and corporate management to correct any deficiencies found during the reviews.

Report and assist in investigating any compliance related issues. Provide reports and updates to the corporate Chief Compliance Officer and assist with the resolution and documentation of the substantiated compliance issues.

Assist with the creation, annual review, and update of all compliance policies and procedures to ensure compliance with federal, state & local laws and regulations.

Assists the corporate Chief Compliance Officer with providing the Board of Directors regular updates and reports on the status of the company’s Compliance Program and summaries and status updates on any identified compliance issues or concerns.

Collaborate with the corporate Chief Compliance Officer to review the compliance program and ensure that all operations are consistent with standard corporate Policies and Procedures and compliant with federal, state & local laws and regulations.

Working with business, pharmacy, clinical, hospital, post-acute care organizations, LTC organizations and IT owners to coordinate functions in the event of incidents or breaches.

Oversees and monitors the implementation of the Compliance Program including development, initiation and maintenance of policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct.

Experience in conducting HIPAA Security risk assessment on Pharmacy programs and IT operations

Providing gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions. Support and maintain security, HIPAA and privacy policies.

Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future. Perform vulnerability security scans to help identify and correct infrastructure security issues found in servers and databases.

Chairs the Corporate Compliance Committee and provides reports on a regular basis, and as directed or requested, to keep the Compliance Committee of the Board and senior management informed of the operation and progress of compliance efforts.

Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.

Implements and operates retaliation-free reporting channels and provides direction and management of an anonymous compliance hotline for all employees, affiliates, and vendors.

Responsible for driving and managing a third-party risk management program, including screening and diligence, vendor code of conduct, ongoing auditing and monitoring.

Institutes and maintains an effective compliance communication program for the organization, including promoting (a) use of the compliance hotline; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.

Works with the Human Resources Department and others as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees, managers, and the Board.

Monitors the performance of the Compliance Program and related activities on a continuing basis, taking appropriate steps to improve and ensure its effectiveness at preventing and/or detecting violations of law, regulations, policies, procedures, and the Company’s Standards of Conduct.

Regulatory Compliance, Privacy & Information Systems Auditor, 2014 to 2017

Piedmont Healthcare, Inc., Atlanta, GA

Compliance duties and responsibilities:

Develop and monitor the effectiveness of the compliance program across all entities and departments. Facilitating ongoing compliance education and training across the company and serving as a resource partner. Assisting the Chief Executive Officer in investigating and acting on reports or allegations concerning possible unethical or improper business practices and monitoring subsequent corrective action and/or compliance. Assure compliance with federal and state privacy regulations, including DOJ, OCR, OIG, HIPAA – privacy and security, HITECH, NIST, SOC, other state healthcare related laws, and the organization’s privacy and security policies and procedures. Auditing and monitoring the effectiveness of the exclusion screening process.

Develop, implement and oversee a comprehensive compliance program, best practices, and policies and procedures to maintain the company’s compliance with all applicable federal, state, and local regulatory requirements.

Consistently review and monitor the Company’s operations and technology for adherence to compliance policies and procedures.

Train and assist security administration functions when necessary.

Interact with other IT Staff / Business Leads in meetings to assist with understanding security issues and discuss solutions. Monitored and reviewed security logs with the goal of improving detection and decreasing false positives.

Assist with Disaster Recovery documentation and ensure associated processes meet business requirements.

Assist with Threat & Vulnerability Management process and tools.

Prepare automated and ad hoc reports and/or interpret data from various security tools and sources.

Assist with application data inventory, mapping, and development of data flow process documentation.

Identifying, documenting, and implementing security technology and remediation measures.

Monitoring and/or administering appropriate access, policies, procedures, and corrective action plans for security systems and applicable encryption methods.

Ensure that the privacy and information security awareness program meet industry regulations, standards, and compliance requirements; communicates the privacy and information security policies to appropriate workforce members and identifies top privacy and information security risks and behaviors to effectively reduce risks to the organization.

Assists in root cause analysis, corrective action plans, and investigative reports for privacy and information security incidents.

Lead and/or manage various strategic compliance projects throughout the organization relating to privacy and security, conflicts of interest, research activities, and other special programs. Internal investigations, audit and monitor activities, and education and training. Created and developed data and analytics that report on department operations.

Identifies potential areas of compliance vulnerability by means of chart audit and to develop/implement corrective action plans for resolution of problematic issues. Provides general guidance to providers and employees on how to improve and avoid or deal with similar situations in the future. Develops and periodically reviews and updates standards of quality and hospital privacy and compliance policy.

Privacy duties and responsibilities:

Oversee the development and maintenance of policies and procedures for the general operation of data practices and the compliance program and its related activities to prevent illegal, unethical, or improper conduct.

Partnered with others to institute and maintain an effective communication and training program for compliance and data practices.

Partnered with others to ensure there is a process in place for receiving, tracking and responding to alleged violations of rules, regulations, policies, procedures, and standards of conduct.

Collaborated with other departments to ensure compliance issues are directed to appropriate existing channels for investigation and resolution.

Identified potential areas of compliance vulnerability and risk; develop and provide oversight of corrective action plans for resolution of problematic issues, and provide general guidance on how to avoid or deal with similar situations in the future.

Partnered with others to ensure coordination of third party audits of department programs, including department's response to any findings and implementation of corrective actions.

Led department response to reported data practices violations or data breaches.

Ensured proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.

Operational duties and responsibilities

Conducted HIPAA privacy assessments, OCR audit readiness reviews and mock audits, healthcare compliance program assessments, research program assessments, and responded to related department manager and staff inquiries from healthcare clients.

Conducted in-person, detailed interviews with client representatives, including privacy officers, general counsel, health information management, and other compliance officers and directors.

Produced reports of findings documenting assessment results with recommendations to assist clients in improving their compliance programs and positioning

Presented clients with assessment results, recommendations and priority initiatives at on-site or remote workshops/meetings

Communicated directly with clients and managed client requirements/expectations around privacy services. Advised department managers on privacy and compliance issues upon inquiry and provided requested guidance to clients, in consultation with the Privacy Services Manager/Director and Subject Matter Experts, in response to regulatory enforcement/audits.

Performed quality assurance reviews of other consultants’ reports. Presented clients with assessment results at on-site or remote workshops, along with recommendations to ensure compliance. Contributed to the continuous improvement and development of Privacy services. Collaborated with colleagues in meeting company revenue/performance goals. Completed assigned training within designated timeframes.

Supported the Vice President of Compliance and Sr. Director of Compliance and Privacy to develop and successfully implement compliance initiatives and activities for special programs operated by the Compliance Department.

Developed, initiated, maintained, and revised policies and procedures for the general operation of the compliance program and its related activities. Responded to alleged violations of rules, regulations, policies, procedures, and standards of care by evaluating or recommending the initiation of investigative procedures to CPO and Executive Director of Compliance and Privacy.

Financial Ops Specialist (Program Manager), 2010 to 2013

Department of Community Health, Atlanta, Georgia

Reviewed audit evidence to draw appropriate conclusions regarding the state of the control environment, while maintaining a peripheral view of the organization.

Identified and appropriately communicated audit issues to management, offering recommended solutions that address risks and are relevant to the business. Drafted the audit report and recommendations assuring sufficient clarity and conciseness, grammatical, and spelling accuracy.

Initiated and led the planning process, coordinated information gathering meetings, researched operational and financial data for the relevant project. Obtained an understanding of, and documented, business processes. Developed the audit programs. Provided guidance to and oversaw the work of assigned auditors, while ensuring each project was conducted in an efficient and effective manner. Managed project to quality outcomes; ensured audits and reports are structured and conform to established methodology and quality expectations.

Set the agenda for and leads entrance meetings. Conducted test work and clearly documents and concludes on work performed. Utilized data analytics to enhance risk identification and quantification, and to provide valuable business intelligence to management. Prepared materials for meetings of the Audit and Compliance Committee of the Board of Trustees.

Reviewed draft report, in conjunction with work papers, and made edits and updates as necessary to present a clear and effective report for executive- and Board-level audience; worked collaboratively with department management in reviewing and updating final draft of report prior to issuance. Identified and appropriately communicated audit issues to management, offering recommended solutions that address risks and are relevant to the business.

Director, Quality Improvement

APS Healthcare, College Park, GA 2009-2010

Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and administration, the Privacy Oversight Committee, and legal counsel. Works with organization senior management and corporate quality and risk officer to establish an organization-wide Privacy Oversight Committee. Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the entity’s other compliance and operational assessment functions.

Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties. Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed. Establishes with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.

Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department. Works with all organization personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization’s policies and procedures and legal requirements.

Director, Data Analysis and Reporting, 2007-2009

Department of Community Health, Atlanta, Georgia

Delivers advanced configuration and security management of technologies safeguarding highly sensitive, critical corporate data. Assesses, presents and defends corporate security controls to regulators & clients. Lead the Output Services Risk and Compliance team including Business Continuity, Compliance, Audit, Safety, Risk Management and Security.

Reviewed risks and compliance requirements to assure the production process is not negatively impacted. Worked with internal and external auditing entities to ensure findings have been resolved in a timely fashion. Confirms Disaster Recovery and Business Continuity plans are documented and tested along with effective team member training.

Supported the business continuity program and assists in ensuring that the company is prepared to handle various man-made and natural disasters that cause business interruptions. Assists and monitors annual testing and validates that updates are performed to ensure regulatory and compliance standards are met.

Develops and maintains enterprise risk and compliance policies. Assumes ownership for enterprise programs which promote risk management. Ensures operational compliance and guidance pertaining to governance, data security and privacy, ethical business practices, and to the financial services industry globally. Determines methods to perform second line of defense monitoring of processes. Evaluates effectiveness of established controls to ensure gaps are identified and risk is within tolerance.

Communicates risk and compliance gaps or emerging threats to senior and executive management by identifying potential compliance, operational, financial, or reputational exposures and impacts with recommended remediation and communication plans for issue resolution.
