Expert Details
Privacy and Security Compliance: HIPAA, GDPR, PIPEDA, SOC 2, CCPA/CPRA, ISO, PCI, and State Privacy Laws
ID: 739275
Oregon, USA
In her work as a consultant, Expert partners with client legal departments to help them accurately guide their clients through complex legal issues relating to implementing tech laws in business environments. She is a Central Table member of the Oregon DOJ's Consumer Privacy Task Force since 2020, where she works with the DOJ's policy team to develop consumer data protection laws like CCPA and regularly testifies to the legislature as a technology expert. She has successfully guided clients through OCR HIPAA investigations and audits.
Expert's subject matter expertise includes HIPAA, GDPR, PIPEDA, SOC 2, CCPA/CPRA, ISO, and PCI. She is a public speaker who has been requested to speak locally and nationally by the American Bar Association (ABA), Lewis and Clarke Law School, the International Association of Privacy Professionals (IAAP), and many more organizations.
Education
| Year | Degree | Subject | Institution |
|---|---|---|---|
| Year: 2011 | Degree: B.S, B.A | Subject: Human Development, Psychology | Institution: University of California |
| Year: 2011 | Degree: Technical Certification | Subject: EMT-B | Institution: Sierra College |
Work History
| Years | Employer | Title | Department |
|---|---|---|---|
| Years: 2015 to Present | Employer: Undisclosed | Title: Owner/Principal Consultant | Department: |
Responsibilities:Small business owner and HIPAA compliance consultant working with local and international organizations to develop and maintain comprehensive compliance management programs.- Communicating with executives, decisions makers, and compliance officers to customize compliance activities, and balance varied and complex regulatory requirements with the business’ needs, limitations, and compliance objectives - Conducting thorough information system and compliance scoping discovery exercises involving analyzing applicable regulatory requirements, interviewing stakeholders and technical teams, and reviewing and producing documentation to guide compliance activities and business decisions - Implementing compliance controls such as policies, procedures, and training - Conducting internal risk assessments, developing third party risk reports, guiding risk management activities, and preparing clients for CPA audits - Supporting clients through incident response, breach notification, and OCR audits |
|||
| Years | Employer | Title | Department |
| Years: 2011 to 2015 | Employer: Cambria Solutions, Inc. | Title: IS Analyst and HIPAA Compliance Officer | Department: |
Responsibilities:Led evolution of a small IT department to a mobile, managed, and scalable information system through periods of firm-wide hyper-growth. Developed and executed HIPAA compliance program that achieved compliance within 6 months and allowed Cambria to enter into the HHS industry as healthcare technology consultants.As Information Systems Analyst: - Migrated data, designed new organizational structure, implemented, and trained staff on SharePoint 2010 • Lead or managed 8 firm wide information technology projects that prepared for or addressed growth needs • Wrote, implemented and enforced IT policies and procedures - Created custom information management solutions for internal teams - Developed, configured, maintained, automated, and upgraded internal information systems As HIPAA Compliance Officer: - Understood and ensured compliance with HIPAA & HITECH regulations and contractual obligations - Developed, implemented, and enforced HIPAA policies and procedures - Developed and delivered role based training programs on HIPAA policies and compliance - Implemented required safeguards, performed risk analyses, and created compliance documentation |
|||
| Years | Employer | Title | Department |
| Years: 2011 to 2012 | Employer: Spatial Informatics Group | Title: Operations Coordinator | Department: |
Responsibilities:Employed technology and business infrastructure strategies to facilitate the communication of employees of a virtual office.- Designed, developed, and administered SharePoint 2010 - Developed operational methodologies, policies and procedures, and materials for user enrollment and training - Analyzed business processes and implemented optimizations for a virtual environment |
|||
Additional Experience
| Expert Witness Experience |
|---|
| She is a Central Table member of the Oregon DOJ's Consumer Privacy Task Force since 2020, where she works with the DOJ's policy team to develop consumer data protection laws like CCPA and regularly testifies to the legislature as a technology and regulatory expert. She has successfully guided clients through OCR HIPAA investigations and audits. |
Career Accomplishments
| Associations / Societies |
|---|
| - OR Attorney General's Consumer Privacy Task Force, Central Table Member (current) - International Association of Privacy Professionals (IAPP), Member and presenter for CE credits (current) - Technology Association of Oregon (TAO), Member and presenter (current) -Oregon Bioscience Incubator (OBI), BioMentor (current) |
| Licenses / Certifications |
|---|
| Technical Certification, EMT-B (2011) Sierra College |
| Publications and Patents Summary |
|---|
| Numerous articles written from 2015 to 2022. |