INFORMATION PRIVACY & SECURITY/COMPLIANCE/TRAINING/OPERATIONS PROFESSIONAL
Mission-focused, policy-driven executive with a stellar history of providing the infrastructure and leadership necessary to foster a culture of compliance. Exceptional track record of developing compliance cultures delivering measurable, cost-effective results. Specialized skills include effective policy writing, creating and implementing training programs that promote learning at all levels, as well as leading incident response for data breaches and regulatory inquiries. Outstanding record of working with regulators in minimizing punitive actions/damages.
PROFESSIONAL EXPERIENCE
University of Miami Miller School of Medicine/UHealth System, Miami, FL 1989 – Present
World renowned academic medical center that serves South Florida, South America, and the Caribbean in patient care, research, and education.
Director – Office of HIPAA Privacy & Security 1/2003 – Present
Establish, Direct, administrate and oversee daily operations of the Office of HIPAA Privacy and Security. Established Privacy & Security Program through planning and implementation of all aspects of compliance with HIPAA Privacy, Security, and Breach Notification Rule.
• Privacy/Security Awareness/Culture: Foster a culture of privacy & security through education of senior leadership, awareness/education program for wider community, continuous process improvement and standardization. Produce and disseminated Security Awareness Tips, Privacy Awareness materials, and campaigns to reinforce compliance.
• Policy Development: Developed and implemented organizational policies, procedures and processes for the University.
• Member of Leadership Security Policy Committee for University responsible for formulating institutional Security policies
• Program Coordination: Extensive experience liaising & coordinating workgroups with various Key Stakeholders including General Counsel, Information Technology, Network Security, System Administrators, Risk Management, Clinical Leadership, Senior Leadership, and Human Resources.
• Risk Analysis: Oversee performance of HIPAA Security Risk Assessment for medical school.
• Business Associates and Vendors: Established and coordinate business associate contract respository and process.
• Training/Communication: Develop computer based learning (CBL) modules and in-person training sessions for all workforce members. Create informational newsletters and other collateral materials and information campaigns to communicate and train end users on relevant information security and privacy related topics. Produce functional reference tools and guides for the user community in addition to a robust informational website.
• Patient/Public Complaints & Mitigation Process and Rights: Review and facilitate all patient rights related to privacy, security, identity theft, and other related issues
• Breach Notification: Developed standard protocol for responses to Privacy/Security breaches requiring notification. Lead data breach response including preparation of notification letters, setup and development of call center and answer scripts, and provision of credit monitoring services.
• Investigation/Compliance: Direct and investigate Privacy/Security incidents and policy compliance; serve as advocate and liaison for patient rights.
• Compliance Inquiries: Serve as first point of contact and institutional representative for regulatory agencies including Dept of Health and Human Services (DHHS) Office of Civil Rights, and other government inquiries including the US Department of Education.
Sr. Systems Analyst/Training Manager/Policy Writer UM Professional Practice IDX Team 10/1997 – 12/2002
• Management: Managed the UM Professional Practice Revenue Cycle IDX training department including the scheduling and coordination of training sessions.
• Training: Developed system training materials and led system training sessions for the user community.
• Policy Development: Led organizational workgroups for the purpose of effective policy development across the enterprise. Created effective standardized policies for the revenue cycle and other business policies in conjunction with the implementation of the enterprise billing and accounts receivable system.
• Additional: Created standardized processes and forms for process improvement. Develop and design monthly newsletters that communicate current relevant issues to the...
Login or Register to view the full resume.
