Information Security and Privacy Executive

EXPERIENCE

Crawford and Company – Senior Director of Privacy and Security 2012 – Present

In addition to the Privacy Program responsibilities outlined in the Director of Privacy Compliance position below, assumed responsibility for the Crawford and Company Information Security Program.

Conduct information security risk assessments and identified strategic and tactical initiatives to deliver administrative, technical, and physical safeguards to protect information technology assets.

Evaluate security assessments for network of vendors providing information security solutions.

Create and maintain security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.

Develop and execute incident response procedure and process.

Investigate and resolve security and privacy breaches.

Directs and manages the information security and privacy group.

Develops and manages the information security and privacy budgets.

Crawford and Company – Director of Privacy Compliance 2011-2012

Established and maintained the Data Privacy/HIPAA Compliance Function for Large Global TPA Workers Compensation and Property and Casualty Claims Processing Company

Included management of strategic and tactical governance structure to guide the team in developing policies and procedures related to data privacy,

Drafted and negotiated business associate agreements, non-disclosure agreements, etc.

Drafted and maintained standard contracts with vendors to satisfy international global data transfer requirements as well as security and privacy provisions related to legal and regulatory mandates.

Drafted and negotiated business associate agreements, and non-disclosure agreements

Negotiated software licensing, SaaS, cloud hosting, and similar arrangements

Reviewed contracts with customers to assess compliance with data privacy and security laws and negotiated language to effect legally sound data protection and security requirements for these contracts.

Consulted with sales colleagues who were in the process of establishing new business to begin addressing privacy and security requirements on a pre-contract basis.

Designed, developed, and implemented third party assessment program to evaluate vendor privacy and security compliance as required by state law

Researched state statutes and regulations regarding the privacy and security of information systems and technology.

Assisted clients that have experienced significant data breaches

Drafted and implemented policies and procedures in compliance with HIPAA and State Law

Advised covered entities and business associates regarding compliance with the HIPAA privacy and security regulations and related guidance, including the applicable NIST and ISO27001 and 27002 security standards

Tenet Healthcare Corporation – South Fulton Medical Center 2009-2011

Chief Compliance Officer

Managed the design and implementation of the hospital corporate compliance program, including development of policies and standard operating procedures, information systems, and a training program to manage the risks under federal and state fraud and abuse laws.

Provided compliance and regulatory advice to multiple departments and service lines, including clinical, billing, and materials management functions.

Implemented and monitored the Ethics Action Line to facilitate reporting of compliance issues and provide help for employees with compliance issues or questions.

Led the development and rollout of the company’s internal compliance auditing and monitoring program.

Established a compliance training program for hospital clinical, billing, and administrative personnel.

Conducted investigations of compliance violations that were reported or identified during the internal audit process, by the ethics action line, or by employee exit interviews.

UCB, Inc. – Atlanta, GA

Director of Corporate Compliance 2003 – 2009

Managed the design and implementation of the specialty pharmaceutical manufacturer’s corporate compliance program, including development of policies and standard operating procedures, information systems, and a training program to manage the risks under federal and state privacy and fraud and abuse laws.

Provided compliance and regulatory advice to multiple business areas including divisions that sell products to treat inflammation, central nervous system, and respiratory conditions.

Implemented and monitored a compliance helpline to facilitate reporting of compliance issues and provide help for employees with compliance issues or questions.

Led the development and rollout of the company’s internal compliance auditing and monitoring program.

Established a compliance training program for commercial sales and marketing personnel and medical affairs personnel.

Conducted investigations of compliance violations that were reported or identified during the internal audit process.

Visiting Nurse Health System – Atlanta, GA

Director of Corporate Compliance 2002 – 2003

Managed the design and implementation of the health system’s HIPAA Privacy compliance solution.

Functioned as organization’s HIPAA Privacy Officer and HIPAA Security Officer.

Deloitte Consulting – Atlanta, GA

Senior Manager 1998 – 2002

Technology Team Project Director (Randstad, Detroit Edison, Morgan Stanley, and North Shore Long Island Jewish Health System)

Legacy Continuance Planning Team Lead (State Farm Insurance)

General Ledger Team Lead (State Farm Insurance)

Georgia Pacific Corporation – Atlanta, GA

Accounting Information Systems Manager 1994 – 1997

Project Manager, SAP Integrated Financials Project

Accenture – Atlanta, GA

Senior Consultant 1990 – 1994

Senior Functional Analyst, Health Insurance Claims System (Blue Cross Blue Shield of Tennessee)

Senior Functional Analyst, Accounts Receivable Team (Georgia Pacific)

Senior Technical Analyst, Interface Architecture Team (Georgia Pacific)

DB2 Performance Analyst / System Test Manager / Programmer Analyst (Delta Airlines)

Florida House of Representatives – Tallahassee, FL

Legislative Intern/Analyst 1988-1990

Researched substantive and fiscal impact of proposed legislation and prepared staff analyst recommendations to various House Committees

EDUCATION

Georgia State University College of Law, Atlanta, GA

Juris Doctor, magna cum laude

Honors: Highest Grade – Health Regulation, Litigation, Federal Taxation, Property, Criminal Law, Land Use Law, Securities Regulation

Recipient of Outer Barristers Guild Award (Top Ten Student Ranking)

Mercer University, Atlanta, GA

Master of Science, Health Care Management

The Florida State University

Master of Business Administration – Emphasis in Finance and Information Systems

Jacksonville State University

Bachelor of Music, Piano Performance

LICENSES

Admitted to Georgia Bar Association

CERTIFICATIONS

CIPP

CISSP

AFFILIATIONS

Member, International Information System Audit and Control Consortium

Member, International Association of Privacy Professionals and local Atlanta Privacy KnowledgeNet

Member, American Health Lawyers Association

Member, Health Care Compliance Association

Member, Georgia Association of Healthcare Attorneys

Member, Georgia Hospital Association Compliance Officers’ Roundtable

Member, Georgia Hospital Association Internal Counsel Roundtable

Contact this candidate