2009 AMC Conference

Faculty

	Gordon Apple, JD is an attorney in private practice in St. Paul, MN. He works with healthcare clients throughout the country on a wide variety of health law matters. He serves as a member of the AAA and AHLA national Alternative Dispute Resolution panels as a mediator and arbitrator and formerly authored the chapter on ADR for AHLA's Health Law Digest. He has extensive hands-on experience with the legal and policy issues confronting the healthcare industry. He writes and speaks extensively across the nation on a wide range of health law topics. He is a graduate of the University of Wisconsin School of Law and has an AV rating with Martindale-Hubbell.
	William Barnett, PhD oversees life sciences and biomedical research technologies at Indiana University and the Indiana University School of Medicine (IUSM). As the Senior Manager of Life Sciences, he oversees the development and implementation of research technology programs for biological research including high performance computing (HPC) applications, analytical pipelines and genomics research. As the Director of the Advanced IT Core at the IUSM, he oversees the development and management of biomedical applications, including HPC and applications development in support of health care research. As the Director of Information Architectures for the Indiana Clinical and Translational Sciences Institute, he oversees the development of collaborative technologies. He earned his MA and PhD in Archaeology from Boston University.
	Brian Bates, CPA, CHC, MAc is the Corporate Compliance Officer for the University of Alabama Health Services Foundation (UAHSF), where he oversees the day-to-day operation of the Compliance Program for the 1,000+ physician faculty practice plan. Prior to joining UAHSF, he was the Chief Compliance and Privacy Officer for Baptist Health System, where he helped develop, implement and maintain the Systems' Corporate Compliance and HIPAA Privacy and Security programs. He is a frequent speaker on topics such as fraud and abuse compliance and HIPAA privacy regulations. He is certified in Healthcare Compliance (CHC) and is a member of the Health Care Compliance Association.
	William R. "Bill" Braithwaite, MD, PhD is the Chief Medical Officer for Anakam Inc. He was the author of the Administrative Simplification Subtitle of the HIPAA legislation, and then, as Senior Advisor on Health Information Policy at the U.S. Department of Health and Human Services, was a major contributor to the subsequent regulations setting federal standards for healthcare transactions, code sets, identifiers, security, and privacy of personal health information. He currently serves as the Vice Chair of the ANSI Health Information Technology Standards Panel, as a technical advisor to the Health Information Security and Privacy Collaboration, and as Policy Committee Co-chair and member of the Steering Committee of the Markle Foundation's Connecting for Health initiative. A part-time independent consultant, he provides strategic advice on health information policy and serves as an expert witness in HIPAA privacy and security related legal cases.
	Sharon Budman, MS, CIPP is Director of HIPAA Privacy and Security for the University of Miami Miller School of Medicine and serves as its Privacy Ombudsman. She has been involved with HIPAA since its inception and was instrumental in the establishment, development and implementation of the University's Office of HIPAA Privacy and Security. Prior to HIPAA, she held management positions at the Medical School in the Offices of Business Information Management Systems and Clinical Financial Services. She earned the following degrees from the University of Miami: MS ED in University Administration, a BBA in Accounting and a Certificate in Health Care Administration, as well as the CIPP designation of the International Association of Privacy Professionals.
	Jeffrey Carr, JD is a partner with Pepper Hamilton LLP, resident in the Princeton office. He concentrates his practice in commercial litigation and, in particular, disputes involving contracts, business transactions, franchise and distribution, real estate, product liability and environmental law. He also counsels clients on emerging ediscovery and document retention issues. He received his law degree from the University of Pittsburgh School of Law.
	Peter Chesterton, MBA is Chief Privacy Officer and Chief HIPAA Security Official for the University of Rochester Medical Center (URMC). He has held that position since 2003 and is responsible for overseeing and coordinating privacy and information security compliance activities for the academic medical center and related health care facilities that comprise URMC. He is also Senior Director for Resource Analysis and Management at URMC. His previous positions at the University of Rochester include Associate Dean for Administrative and Fiscal Affairs in the School of Medicine and Dentistry (SMD), Director of Finance (SMD), Budget Officer (University of Rochester) and Departmental Administrator (SMD). He holds an MBA from Rochester Institute of Technology.
	Lawrence Cornett, PhD is the Executive Associate Dean for Research in the College of Medicine and the Vice Chancellor for Research at the University of Arkansas for Medical Sciences. In addition, he oversees a research laboratory focused on hormonal regulation of stress responses and is the Director of the Arkansas INBRE, a program funded by the National Institutes of Health to develop biomedical research infrastructure in the state. He earned a BS in Biology from the University of California-Riverside, a PhD in Physiology from the University of California-Davis, and completed postdoctoral training in Reproductive Endocrinology from the University of California-San Francisco.
	Shannon Culp is Manager of Information Systems Security for a large Midwest healthcare system. She is responsible for managing, implementing and maintaining the information security program and disaster recovery for TriHealth, reporting to the CIO and Director of Health Integration Systems. She provides risk-based strategy and direction to the organization. Previously she served as Director of IT Security and Risk for Cintas Corporation where she facilitated PCI Compliance and as Manager of Enterprise Information Systems Security and Disaster Recovery for Sara Lee Corporation. She holds a BA in Business Administration, is a Certified Business Continuity planner, Certified Interchange Network Security Auditor, Graduate of the FBI Citizens Academy, Certified in Homeland Security, and member of Infragard and ISSA.
	Gerald DeLoss, JD is a Principal at Gray Plant Mooty and a member of the Health Law practice group. He focuses his practice on representing medical providers in health IT, HIPAA, medical staff credentialing, fraud and abuse, transactions and regulatory compliance. He received his law degree from the University of Dakota School of Law. He has served as vice chair of the American Health Lawyers Association Health Information & Technology Practice Group since 2006 and was an editorial advisory board member for the Guide to Medical Privacy & HIPAA.
	James DiDonato, MBA-MIS is Information Security Officer for Baystate Health, Inc. His primary responsibilities include maintenance and enhancement of the health system's information security program. He has been employed in healthcare for 18 years, moving from internal audit to information services about nine years ago. In 2000, he assumed primary responsibility for getting Baystate's HIPAA efforts off the ground, and at various times he was the project manager for both the Privacy and Security projects. He is the former chair of the New England HIPAA Workgroup, a WEDI/SNIP regional collaborative, and a member of the Massachusetts Health Data Consortium's Security Officer Forum.
	Mike Dockery, CISSP, CISA is Information Security Officer for the Cincinnati Insurance Companies (CIC). His department is responsible for information security compliance and insurance cyber loss control support. Prior to joining CIC, he was managing partner of a litigation support company, Dockery Associates LLC. He has 30 years of experience in the security industry: 14 years providing security support to defense contractors involved in sensitive military programs and 19 years with the Defense Department. He is a member of the National Society of Professional Insurance Investigators and has over 15 years of experience in insurance investigation.
	Colleen Ebel is the Chief of Information Security at the University of Florida Health Science Center. She oversees the implementation of the information security policies and standards across 45 independent IT operations in six UF health-related colleges, five major UF research institutes and centers, four clinics and two faculty group practices. Prior to this, she was the HIPAA Coordinator for the University of Michigan Health System (UMHS) Medical Center Information Technology division. Before joining the UMHS, she was the Director of IT Support Operations for Borders Group, Inc. the retail book superstore chain, and worked for Electronic Data Systems, starting out as a systems engineer and advancing to Account Manager in the automotive manufacturing industry.
	David Fenstermacher, PhD is Chair and Executive Director of the Department of Biomedical Informatics at the Moffitt Cancer Center. During his tenure in biomedical informatics, he has designed and directed the implementation of several bioinformatics distributed computing systems to support basic and clinical research, including multiple institution research projects. He has also designed data management systems for more specialized projects including integrating clinical, genomics and proteomics data to support studies focused on cancer and other human diseases. He previously established and directed informatics shared resource facilities for more than nine years at UNC-Chapel Hill and the Abramson Cancer Center at the University of Pennsylvania. He received his doctoral degree from UNC-Chapel Hill.
	Stephanie "Malia" Fullerton, PhD is Assistant Professor of Bioethics and Humanities, Adjunct Assistant Professor of Genome Sciences, and a core faculty member of the Institute of Public Health Genetics at the University of Washington. She serves as a co-Investigator with the UW Center for Genomics and Healthcare Equality and a research ethics consultant for the UW Institute of Translational Health Sciences. She obtained her DPhil in Human Population Genetics from the University of Oxford and later re-trained in Ethical, Legal and Social Implications research with a fellowship from the NIH National Human Genome Research Institute. Her research focuses on the ethical and social implications of genetic epidemiological and genomic research, especially as it involves the investigation of traits and diseases disproportionately affecting US-based ethnic minority populations.
	Reed D. Gelzer, MD, MPH is co-founder of Advocates for Documentation Integrity and Compliance, an advocacy, education and consulting resource supporting data quality in electronic documentation systems. With more than 30 years' service to health care, including legal medical records, 11 years in primary care practice, then for an EHR vendor, he now focuses on EHR system data quality and validity, presenting and writing on these topics for national and specialty audiences, most recently as the due-diligence manual How to Evaluate Electronic Health Record Systems. He chaired a Fraud Management project workgroup for the Office of the National Coordinator for Health Information Technology and served on on HL7's EHR Records Management-Evidentiary Support (Legal) Profile Working Group. He received his MD from Wayne State University and Masters in Public Health from the University of Michigan.
	John Hart is the Chief Audit and Compliance Officer for UNC Health Care System, where he oversees the overall audit, privacy, information security and compliance matters. He brings more than 25 years of audit experience to this role, with the primary focus of his experience in healthcare. In 15 years at North Carolina Baptist Hospital he led the Internal Audit function, oversaw the development of the Compliance program, and co-chaired the Operating Committee for the implementation of HIPAA requirements. In 2005 he began reviewing and evaluating these programs in the UNC Health Care System, evaluating the ethical culture, reviewing the processes for monitoring functions, measuring the effectiveness, and meeting standards for audit and compliance programs. His education includes an undergraduate and a graduate degree from UNC-Chapel Hill, and he is a licensed CPA in the State of North Carolina.
	Rosemary Herhold, CPA, CISA is the IT Security Officer for the Duke University School of Medicine and School of Nursing. She is responsible for planning, implementing and monitoring the security processes within the two schools. Prior to joining Duke, she served as Manager of IT Consulting for Packer Thomas & Co., and was a self-employed Information Systems Auditor for six years. She is a Certified Public Accountant in the States of North Carolina and Ohio, and is a Certified Information Systems Auditor.
	Clyde Hewitt, MS is Principal Consultant for the Security Advisory Services at Forsythe Solutions Group. He is responsible for providing security management consulting and ISO 27001 compliance services to Forsythe’s customers and serves as a subject matter expert in eDiscovery, healthcare compliance and security compliance. He has 20+ years of IT and security managerial experience in implementing large scale information systems, including ERP/MRP, logistical, decision support, health informatics, and command and control in both the government and private sectors. He earned his MS in Operations Management from the University of Arkansas. He serves on the NCHICA Board of Directors where he is co-chair of the Education Committee.
	Angel Hoffman, MSN is Chief Compliance and Ethics Officer for MED3000, where she is responsible for the development and oversight of its comprehensive company-wide compliance program. She has 29 years of experience in healthcare which includes over ten years in healthcare compliance and risk management. Prior to joining MED3OOO, she served as both the Director of Compliance for the Corporate Ethics and Compliance Office as well as the Director of the HIPAA Program Office at the University of Pittsburgh Medical Center. She also served as the Manager of Regulatory Reporting for the University of Pittsburgh Physicians Compliance Office. She began her career in Nursing and earned her MSN with a concentration in Health Care Management from La Roche College.
	Sissy Holloman, JD is Special Counsel at Parker Poe Adams & Bernstein LLP. Prior to this she served as Assistant General Counsel for UNC Hospitals for eight years. She is a member of the ABA (Health and Business Law Sections), the NC Bar Association (Health and Business Law Sections) and NC Society of Healthcare Attorneys, and currently serves on the Health Law Section Council of the NC Bar Association. She served as chair of the Contracts Subworkgroup of NCHICA's Privacy and Confidentiality Focus Group. She received her law degree from UNC-Chapel Hill.
	Juany Jardines is Director of Research and Academic Computing at Sloan-Kettering Institute, which is part of Memorial Sloan-Kettering Cancer Center. In her role, she provides technical direction to over 2,000 researchers. Prior to this she served as Manager of LAN Services at Memorial Sloan-Kettering. Her experience includes ten years in the financial industry as Vice President of Prudential Securities and Associate Vice President of Bankers Trust. She has also served as technical instructor for Novell, Bayan Systems and Microsoft. She is a recent graduate of the AAMC Leadership Institute and is currently participating in the Society of Information Management Regional Leadership Forum.
	Michael Kamerick is Director of Academic Research Systems in the Office of Academic and Administrative Information Systems at the University of California San Francisco (UCSF). He is also the Co-Director of Biomedical Informatics for the Clinical and Translational Sciences Institute at UCSF. He has been an active participant in caBIG, EDRN, DOD BCRP, and the CTSA. He is a 24-year veteran of the high technology industry in the San Francisco Bay Area who came to UCSF from private industry. He has held positions in software development, technical consulting, product management, enterprise consulting, and IT management at UC Berkeley, Sun Microsystems, WebLogic, Ventaso, Watermark Venture Partners, and mVortex Partners.
	James Kaylor, MSE is one of two Senior Directors within the Clinical Research Computing Unit at the University of Pennsylvania. His primary responsibilities involve: directing Biomedical Research Computing through the development and implementation of advanced compliant-driven IT infrastructures, systems and technologies; and associated business processes in support of the clinical research mission of the University. Over the past 23 years, he has been responsible for the development, integration and management of various computing facilities, within both government and medical research institutions. He earned his MSE in Technology Management from the University of Pennsylvania.
	Brian Klemm, JD, LLM is Senior Counsel of SAS Institute Inc. He is responsible for global corporate compliance matters, including privacy and information security, and he functions as SAS' Chief Privacy Officer. He is a Certified Mediator in North Carolina, and is the founder and Past President of the Research Triangle Area Chapter of the Association of Corporate Counsel. He received law degrees from New York University and Seton Hall Law School.
	Frank Krahn, CISSP is an Information Security Specialist in the Mayo Clinic Information Security Office. He has 29 years of experience in physical and information security with the Mayo Clinic. He holds numerous certifications, including Certified Information Systems Security Professional, Certified Computer Crime Investigator (Advanced Level), and Certified Computer Forensic Technician (Advanced Level). He is a member of the High Tech Criminal Investigators Association, the High Tech Crime Network and InfraGard. He has served on the editorial review board for the Journal of Computer Crime Investigations and Forensics, is a past board member of InfraGard, and has taught classes for or consulted with various law enforcement agencies including the MN State Patrol, the MN Crime Prevention Annual Meeting, and local, state, and federal law enforcement.
	Larry LaBanc is the Director of IT Security Administration for Novant Health, which operates nine hospitals in the state along with several hundred physician practices in the Carolinas. He has spent the last eight years building the security program at Novant and is responsible for user provisioning and disaster recovery. He serves as co-chair of NCHICA's Privacy and Security Officials Workgroup and chaired its Mobile Device Task Force.
	John Lupton is a Senior Information Security Specialist in the University of Pennsylvania's central Information Systems and Computing Division. In addition to day-to-day security and privacy incidents, his responsibilities include collaborating with other University departments, schools and centers to address issues relating to HIPAA, PCI, risk assessment and copyright compliance. He has been working in personal computing and electronics since 1979, and is a graduate of the University of Texas.
	Douglas Madory, MS is IS Security Manager for Dartmouth-Hitchcock Medical Center (DHMC). He leads the Information Security team in their mission to be a resource for HIPAA Security compliance, security policies and general guidance, contigency planning for IS systems, and interfacing with DHMC leadership and the community on matters of information security. He served as a communications officer in the U.S. Air Force for more than five years. He also worked as a senior research engineer and facility security officer with BAE Systems. He earned his MS in Computer Engineering from Dartmouth College.
	Bradley Malin, PhD is an Assistant Professor of Biomedical Informatics in the School of Medicine and an Assistant Professor of Computer Science in the School of Engineering at Vanderbilt University. He founded and directs the Vanderbilt Health Information Privacy Laboratory, where his team conducts research on, as well as develops, information technologies to protect privacy in electronic medical record systems and biomedical research databases. His investigations into privacy vulnerabilities and protection tools for patient-specific genomic databases have received several awards from AMIA and IMIA. He received his master's in Public Policy & Management, and master's and doctorate in Computer Science from Carnegie Mellon University.
	Frank Manion, MS is Chief Technology Officer and Senior Director for Information Science and Technology at the Fox Chase Cancer Center. In this position he is responsible for technology planning, scientific computing, and advanced technology initiatives. Within the caBIG™ project, he has served as the chairman of the Special Interest Group on Security, was a co-sponsor of the Security Technical Evaluation Whitepaper, and directed the caBIG™ "Security Program Development" project. He currently serves on the AAMC/GIR Task Force on Information Technology Infrastructure Requirements for Cross-Institutional Research. He is a co-founder of the Biomedical Research Institutions Information Technology Exchange (BRIITE), an organization meant to promote interaction between high level life science informaticians working across operational and scientific areas in academic life sciences enterprises.
	Trish Markus, JD is a partner with Smith Moore LLP, where she handles health care regulatory compliance and patient care matters for physicians, hospitals and other health care providers. She has advised North Carolina's first regional health information organization on HIPAA privacy and security issues. She also serves as co-chair of the Legal Work Group for the North Carolina Health Information Security and Privacy Collaboration Project. She received her law degree from Boston College Law School.
	Joanne Martin, JD is Legal Counsel for the Mayo Clinic in Rochester, MN. Her practice areas include professional liability, employment and general health law. As part of that practice, conducting investigations often requires coordination of effort between Legal Counsel, Compliance, IT and Information Management. She is licensed to practice in Minnesota and Florida and is recognized by the Florida Bar as a Board Certified Specialist in Health Law. She earned her law degree from the University of Florida College of Law. She is a member of the American Health Lawyers Association, and the Health Law Sections of the Florida and Minnesota Bar.
	Wayne Martin, MS is Information Systems Security Officer with the University of Virginia Health System. He has 34 years of experience in the healthcare industry, with 20 years in computer technology. His research activities focus on the relationship, if any, between strategic information systems planning, the unified theory of acceptance and use of technology, and the potential of information technology in the healthcare industry. He is also interested in the relationship of organizational culture, relationships, and dynamics in creating agile and flexible IT security processes to align with and support business objectives. He earned his MS in Computer Information Systems from the University of Phoenix.
	Susan McAndrew, JD is Deputy Director of Health Information Privacy (HIP) at the Office for Civil Rights (OCR), US Department of Health & Human Services (HHS). As Deputy Director, she has responsibility for implementing and enforcing the HIPAA Privacy Rule. In addition, the OCR has responsibility for enforcement of the confidentiality protections for patient safety work products under the Patient Safety and Quality Improvement Act of 2005, and the HIP division leads this effort. She has over 20 years of federal government experience with HHS and the Department of Agriculture. She received her JD from Georgetown University Law Center, and practiced law in DC for 15 years before joining HHS.
	Mac McMillan, MA is co-founder and CEO of CynergisTek, Inc., a firm specializing in the areas of information security, regulatory compliance and IT audit. He brings nearly 30 years of combined intelligence, security countermeasures and consulting experience. His philosophy for security is grounded in appropriate solutions, business purpose and knowledge, and common sense application of technology controls. He has worked in the healthcare industry since his retirement from the federal government in 2000 and has contributed to HCCA, AHIA, AHIMA and HIMSS. He currently serves as Chair of the HIMSS Information Systems Security Working Group. He holds a MA in National Security and Strategic Studies from the US Naval War College.
	Michael Minear, CPHIMS is the Chief Information Officer and member of the executive leadership team of University of California Davis Health System, where he directs 350 employees and is responsible for developing and executing a technology strategy that supports the health system's four missions of clinical care, research, education and community engagement. He is also a part-time associate faculty member at the Johns Hopkins University Bloomberg School of Public Health. He has worked in the healthcare industry for over 30 years, and held senior management roles at a software vendor, a large, multi-specialty group practice, community hospitals, and three academic medical centers. He earned a graduate certificate in Biomedical Informatics from Oregon Health & Science University's School of Medicine.
	David Nelson, MS, CISSP, CAP is Chief Information Security Officer for the University of Texas Health Science Center at San Antonio. His responsibilities include leading and managing the various consulting, operating and monitoring responsibilities of the Information Security Program for the University. He has many years of experience working with U.S. federal agencies utilizing various system authorization processes including NIST SP 800-37 (used within FISMA), DITSCAP and DIACAP. As a former Senior Security Consultant with SecureInfo Corporation, he provided guidance to many component and agency representatives regarding how to certify and accredit information systems in order to meet agency mandates such as FISMA. He earned his MS in Network Security from Capitol College and holds CISSP and CAPcredentials from the International Information Systems Security Certification Consortium.
	Chip Nimick, GSEC CISSP is Information Security Officer for Strong Memorial Hospital and Highland Hospital, and Security Manager in the Information Systems Division of the University of Rochester Medical Center (URMC). He is responsible for information systems security policy and standards development, enforcement, and risk assessment for all divisions of URMC and its affiliates. He earned his degree in Computer Engineering from the University of Rochester, where he previously held positions as Director of Academic Computing, ResNet Project Manager, Telecommunications (voice/data) Engineering Manager, Hospital Applications Manager, and Chief Network Architect. He has over 30 years of experience in information systems.
	Lee Olson, CISSP, CISM is the Mayo Clinic Chief Information Security Officer in Rochester, MN, with governance responsibility extending to the Mayo Health System and Mayo group practices in Jacksonsville, FL and Scottsdale, AZ. He has 25 years of experience in the information security field. He previously worked for the Defense Investigative Service of the Department of Defense as an industrial security specialist and regional computer security specialist. He co-authored the article Security and Confidentiality in an Electronic Medical Record which won the HIMSS Article fo the Year award in 1999.
	Marc Overcash is the Deputy CIO for Emory University's Division of Research and Health Sciences IT. For the past year and a half, he has been creating a new central division charged with supporting and advancing the needs of investigators through IT and informatics across Emory. In addition, he is the Biomedical Informatics Program Co-Director of Emory's Clinical and Translational Science Award and adjunct faculty in Emory's Rollins School of Public Health where he teaches courses in applied public health informatics. Prior to this, he worked in multiple roles at the Centers for Disease Control and Prevention, where he led many agency-wide initiatives and contributed to management and deployment of key systems within the Public Health Information Network.
	John Parmigiani, MS is the President of John C. Parmigiani & Associates, LLC. His primary focus is on helping healthcare organizations become compliant with healthcare regulations, in particular HIPAA, and move toward e-health. He has over 35 years of experience in information systems management in both the public and private sectors. The former Director of Enterprise Standards for the Health Care Financing Administration, now the Centers for Medicare & Medicaid Services, he was the chairman of the government-wide HIPAA Administrative Simplification Security and Electronic Signature Standards Implementation Team that created the Security Rule and was a member of the federal committee that oversaw the development and implementation of the HIPAA Transactions & Code Sets and Privacy Rule. He earned an MS in Management Science and Operations Research from George Washington University.
	Phyllis Patrick, MBA is the Compliance and Privacy Officer for Greenwich Hospital, a member of the Yale New Haven Health System in Connecticut. She has more than 20 years of experience in healthcare operations, strategic planning, auditing and compliance. Prior to this, she served as Vice President and Chief Compliance Officer for Hospital for Special Surgery in New York, and as Associate Hospital Director for Mount Sinai Medical Center in New York. She holds an MBA from Cornell University and is certified in healthcare administration and healthcare compliance. She is a Board member of the New England Healthcare Internal Auditors Association and a Baldrige National Quality Program Examiner.
	Rodney Petersen, JD is a Government Relations Officer with EDUCAUSE and the Coordinator of the EDUCAUSE/Internet2 Computer and Network Security Task Force. Prior to joining EDUCAUSE, he served as the Director of IT Policy and Planning in the Office of the Vice President and Chief Information Officer at the University of Maryland. He is the co-editor of a book in the EDUCAUSE Leadership Strategy Series entitled Computer and Network Security in Higher Education. He is also a founding member of the Association of College and University Policy Administrators and the author of A Primer on Policy Development for Institutions of Higher Education and A Framework for IT Policy Development. He writes and speaks regularly on topics related to higher education cyber law and policy. He received his law degree from Wake Forest University.
	Beth Pumo, MBA, CISA, CISM is the Compliance Manager in the University of Michigan Health System (UMHS) Medical Center Information Technology division. Her professional experience includes 25 years of healthcare industry experience in the provider and payer markets as well as other healthcare industry segments. Prior to joining the University of Michigan, she was a Senior Manager with Ernst & Young LLP, functioning as a thought leader in healthcare and privacy while acting as the privacy lead and subject matter expert for Ernst & Young's National HIPAA Team from 2000 until 2003.
	Ishwar Ramsingh MBA, CISSP, CISA, CISM is Information Security Administrator in the Office of HIPAA Privacy and Security at the University of Miami Miller School of Medicine. His responsibilities include HIPAA security compliance, primarily from a policy perspective, and other compliance matters related to privacy, information security and University business. He has been involved in Information technology for the past 17 years. His career began as a programmer/analyst, then branching off to network administration, first with Novell and then with Microsoft products. He holds an MBA (with a specialization in Computer Information Systems) and CISSP, CISA and CISM certifications.
	Todd Robinson is the Senior Network Administrator for Duke Clinical Research Institute (DCRI). His job responsibilities include strategic planning, evaluation of new technologies, remote access, VMware and SAN. He earned his degree in Computer Science from NC State University. Prior to joining DCRI in 2000, he was the Network Administrator for Square D Company.
	Laura Lyman Rodriguez, PhD is the Acting Director for the Office of Policy, Communication & Education and the Senior Advisor to the Director for Research Policy at the National Human Genome Research Institute (NHGRI), National Institutes of Health (NIH). She works to develop and implement policy for research initiatives at the NHGRI, as well as trans-NIH programs. She is interested in the policy and ethics questions related to the inclusion of human research participants in genomics and genetics research, and the policy and organizational issues associated with the development and establishment of strategic partnerships. She earned her doctorate in CellBbiology from Baylor College of Medicine in Texas.
	G. Michael Runnels, CISSP is Information Security Officer for the University of Texas Health Science Center at San Antonio. His key responsibilities include developing policies, procedures and training for the Center. He specializes in developing general and targeted training and awareness products for the entire University, and is also the primary cyber-investigator for the University's Police Department. He came to the University after 25 years in the Air Force, and spent the last eight years building the University's Information Security program from scratch. He holds CISSP, CISM, CHSP and SANS GSE certifications, and is currently honing his forensics skills. He is an active member of (ISC)2, ISSA, ISACA and the FBI's InfraGard program.
	Kevin Savoy, MBA, CPA, CISA, CISSP is Director of Information Technology Audits for the University of Virginia. He has over 20 years of experience in IT operations and audit in government and private industry. Previously, he was IT Security Audit Director for the Auditor of Public Accounts for the Commonwealth of Virginia. He also spent ten years automating retail and hospital pharmacies for two major pharmaceutical wholesalers. He is a frequent speaker on a variety of IT security and audit topics to professional organizations.
	Dennis Schmidt, MS, CISSP is Director of the Office of Information Systems at the UNC School of Medicine. He also serves as the school's HIPAA Security Officer. Prior to joining UNC ten years ago, he worked for SAIC as the Technical Director for a systems support team at Fort Bragg. He is a retired naval officer with 24 years of service as a pilot of the P-3C Orion antisubmarine warfare aircraft. He holds an MS in Computer Science from the Naval Postgraduate School and is a Certified Information Systems Security Professional.
	Eric Schmidt, CISSP, CISM is the Chief Security Officer for the Indiana University School of Medicine. His responsibilities include leading various information security initiatives within the School of Medicine and IU Health Sciences to ensure the school remains in compliance with University and affiliated entity security policies and procedures, as well as state and federal regulations. Prior to this, he was a senior manager with Ernst & Young LLP assigned to their Security & Technology Solutions practice. He also served for 21 years in the U.S. Air Force. Upon his retirement from active duty he was serving as Director of Computer Crime Investigations and Operations, where he provided operational oversight and leadership for all high technology criminal and counterintelligence investigations and operations for the Air Force.
	Soumitra Sengupta, PhD is the Information Security Officer of the NewYork-Presbyterian Hospital and Columbia University Medical Center. He also holds the position of Assistant Clinical Professor in the Department of Biomedical Informatics at Columbia University. He has been associated with the Informatics development work at the Medical Center for past 19 years in the areas of networking, information integration, user interfaces, information security, and distributed application development and operations. His current operational and research interests are in the areas of distributed systems and information security systems, and their application in the health care environment. He has published and presented tutorials in these areas.
	Christa Stilley Poe, MBA is the Director of Electronic Commerce with Duke University's Treasury and Cash Management. In her position, she serves as the enterprise lead for all Duke e-commerce initiatives, including traditional point-of-sale and web-based credit card operations. She ensures adherence to e-commerce best practices campus-wide, including legal, security, regulatory and banking aspects. She has successfully led a cross-functional team in a comprehensive process for standardizing e-commerce across campus. She is responsible for facilitating PCI-DSS compliance for approximately 240 Duke merchants. Christa holds an MBA and has 14 years of experience in a university setting. Prior to working in Duke's Treasury office, she held positions within Duke's Office of Information Technology as a Business Operations Manager and e-Commerce Consultant.
	Donald Sweezy, MS, CISSP is a Senior Security Analyst in the Information Security Office of the Duke University Health System. He has developed enterprise security tracking software, designed the implementation of HIPAA security policies, and created compliance tracking methodologies. His information technology and security experience began more than 20 years ago, with the US Department of Defense, and continued through a career at Verizon as a technical leader and service manager for multiple healthcare clients. He holds an MS in Information Technology from Cappella University.
	Juliann Tenney, JD is the Institutional Research Compliance Officer, Director of the Institutional Research Compliance Program and Privacy Officer at UNC-Chapel Hill. Prior to this, she served as the first Director of the Duke University Institutional Ethics and Compliance Program, and before that, as Associate Dean at the Duke University School of Medicine, where she designed and led the compliance initiative for six years. She earned her law degree from Duke University, where she occasionally serves as a senior instructor in the "Program in Non-Profit Management," teaching courses that address legal issues confronting tax-exempt organizations. She also serves on the faculty of the Health Care Compliance Association's Research Compliance Certification Academy.
	Michael Vigoda, MD, MBA is Director of the Center for Informatics and Perioperative Management in the Department of Anesthesiology at the University of Miami. He is a board certified pediatrician and anesthesiologist and has has practiced pediatric anesthesia since 1994. He received his master's in Computer Science and medical degree from the University of Wisconsin-Madison. While serving as chief of Pediatric Anesthesia at the Children's Medical Center at the Medical College of Georgia, he obtained his MBA. His current research interests include the use of EMRs in helping physicians provide quality care as well as the medico-legal ramifications of using EMRs.