
Information Security Manager

Location:
Austell, GA, 30106
Posted:
June 19, 2020


Resume:

KEVIN R. THOMPSON, CCSFP, CHSA, CHSPA

Atlanta, GA

404-***-**** addxh7@r.postjobfree.com www.linkedin.com/in/kevinrthompson

SENIOR LEVEL INFORMATION SECURITY / COMPLIANCE PROFESSIONAL

Results-Driven, Goal-Focused, Security, Compliance, and Audit Program leader. 8+ years of direct experience in healthcare privacy management. In-depth knowledge of privacy laws, healthcare business operations, and information systems. Trusted Advisor/Facilitator in Support of Major HIPAA Compliance Efforts.

Intra-Company Communication & Interpersonal Skills / Project & Program Management

Regulatory Compliance Audits / GDPR, SOC 2 Type II, HIPAA, HITRUST / Employee & Management Training / Breach Response-Corrective Action / Develop, Implement, and Enforce Policies and Procedures / Cybersecurity

Business Process Improvement / Healthcare IS / Customer Relations Management / Team Building

PROFESSIONAL EXPERIENCE

InComm Atlanta, GA

Healthcare Compliance Program Director Aug 2014 to Present

Oversee the establishment and maintenance of regulatory compliance practices through policy enforcement and program planning. Ensure all departments and business units maintain compliance with HIPAA and other regulatory requirements.

Provide oversight of organizational security policies and procedures relevant to employees, contractors and other third parties. Establish roles and responsibilities regarding information ownership, classification, accountability, and protection of information assets. Provide appropriate consultation and implement corrective action for detected process deficiencies.

Ensure compliance with new rules, regulations and revisions, as set forth by the Centers for Medicare and Medicaid Services (CMS), as well as other federal and state laws and regulations governing regulatory compliance.

Liaise with legal counsel regarding healthcare and privacy compliance requirements and interpretation of contractual language to ensure compliance with contractual documentation and requirements (BAA, RFP, MSA) for new and recurring healthcare clients.

Direct self-assessments/risk assessments to detect process deficiencies and provide consultation to address identified deficiencies, facilitating cross-functional best practices of risk management and compliance.

Lead internal (e.g., activity logs, HIPAA risk analysis) and external (e.g., HITRUST, SOC II, ADA/508) audits and security posture reviews.

Oversee the organization and maintenance of HIPAA documentation and other compliance policies and procedures.

Develop and direct Corporate/Entity Compliance programs for the affiliates of InComm healthcare & non-healthcare related business units. Work with affiliate resources and collaborate on strategy development for the compliance programs.

Provide day-to-day compliance guidance and advice to business partners, working with legal, corporate compliance, and regulatory colleagues.

Successfully developed and presented business cases related to new compliance initiatives such as HITRUST certification, 508/ADA Compliance and implementation of cross-functional audit platforms. These initiatives have resulted in new business opportunities and enhanced audit readiness.

Directed the effective implementation of a legacy HIPAA/Regulatory awareness training platform to educate designated employees on compliance best practices, enhancing employee accountability and audit report quality.

Implement and facilitate ongoing work sessions to develop IT Governance process models and supporting governance documentation systems. The practice has led to the establishment of a complete “culture of compliance” throughout the organization.

Initiated and led efforts to obtain the validated HITRUST Certification resulting in client confidence, reduced organizational risk, new business opportunities, and successful compliance verification audits.

3M Healthcare Information Systems Atlanta, GA

ICD-10 Business Analyst (9 Month Project Position) Feb 2014 to Aug 2014

Traveled to client sites to interview stakeholders to determine if security controls were being implemented.

Inspected evidence and documented findings during the assessment. Managed evidence requests to facilitate remediation tasks, completed findings report, made recommendations, participated in practice development projects, and performed job-related and other training.

Verizon Enterprise Healthcare Solutions Alpharetta, GA

Lead Sr. Business Analyst / Project Manager Aug 2012 to Jan 2014

Oversaw all aspects of maintaining Business Requirements Documents (BRD) and Functional Requirements Documents (FRD) defining healthcare Medicaid/Medicare security information and privacy event monitoring systems.

Coordinated Joint Application Development (JAD) sessions throughout SDLC to resolve open issues. Met with developers to develop planning strategies.

Reviewed OCR and HIPAA standards to ensure compliance and security are in accordance with government and industry regulations.

Performed HL7 GAP Analysis to evaluate HL7 data and document integrity and determine whether documentation is in code-ready format.

AEG Consulting Atlanta, GA

Healthcare IT Analyst May 2011 to Aug 2012

Provided application & implementation support, technology consultation, and operational support for Children’s Healthcare of Atlanta related to various EPIC/ChartMaxx (Medplus) projects. Served as Physician Liaison between Information System department and the physician community. Supported physician practices using various IS resources and/or support vendors.

Additional Professional Experience

EMR Business Analyst, Greenway Medical - Carrollton, GA

Public Health Project/Systems Manager, Fulton County Health & Wellness Division – Atlanta, GA

DOD Electronic Medical Records (EMR) Implementation Coordinator, Unisys Corp. – Atlanta, GA

EDUCATION & CERTIFICATIONS

Bachelor of Science, Operations/Technology Management, DeVry University, Decatur, GA

Certified HIT Security Administrator (CHSA)

Certified HIPAA Security Professional Accelerated (CHSPA)

Certified HITRUST CSF Practitioner (CCSFP)

PROFESSIONAL AFFILIATIONS

The United States Naval Reserve – Quarter Master NPSAC Program

Healthcare Information and Management Systems Society (HIMSS) Member

Georgia Basketball Officials Association


