William Chan,CISSP, CPHIT, CPHIE Minneapolis, Minn. 00000 ♦ 000.555.1212 ♦ firstname.lastname@example.org
Healthcare IT Compliance and Security OfficerHistory of fostering credibility, independence, integrity, confidentiality and trust with patients, healthcare providers, employees and administrators and nurturing a culture of compliance by leveraging in-depth knowledge of HIPAA, regulatory and legal standards, risk and compliance control and hands-on experience with security and architecture of infrastructure systems.
- Won back constituent trust by performing rigorous security risk assessments and utilizing ISO 27001/27002 as a control structure which reduced incidents by 38%.
- Launched an incident investigation program, recommending sanctions as necessary.
- Oversaw the troubleshooting, protection and management of infrastructure systems such as DNS, email, VPN, wireless networks, firewalls and enterprise authentication.
- Architected user identification solution to provide automatic logout for computer workstations in high-traffic clinical areas.
- Authored, administrated and delivered an in-depth training program that communicated security-related concepts and rules to a broad range of technical and non-technical staff.
Storage Area Networks, VMware, Citrix, Virtual Desktop Applications, Tape Backup Units, Business Continuity and Disaster Recovery(BC/DR), MS Office, Windows 2003/08, Web Applications, Wireless Networks, Shell Scripting, EMR/EHR Technology, Enterprise Network Architecture Framework, Network Engineering
Communication, Prioritization, Security, Disaster Recovery & Continuity Planning, Multi-Tasking, Project Management, Commitment to Excellence, Risk Analysis and Audit, Privacy Laws, FCPA, HIPAA, Export Control Act
Professional ExperienceUniversity Health Systems2008 to present Garnered two promotions by improving data security and HIPAA compliance, reversing a history of incidents that violated the trust of key constituents at this top-rated university healthcare organization consisting of three hospitals and six clinics. IT Compliance and Security Officer
- Commissioned an audit as part of a comprehensive effort to review and strengthen information security, compliance and privacy policies.
- Devised a strategic plan for information security risk management to meet regulatory requirements and audit recommendations that received unanimous support from the chief security officer, CIO, medical practitioners and the board of trustees.
- Composed and deployed a unifying governance standard encompassing all applicable elements of HIPAA. Authored and delivered HIPAA training to employees and managers.
- Authored, implemented and oversaw an enterprise-level incident response plan.
- Investigated alleged non-compliance issues and audited and monitored key activities.
- Emboldened the exception management process by tracking policy exceptions, working with security architects to evaluate requests, coordinating responses and reviewing requests for renewals.
- Commissioned robust configuration changes for perimeter security devices.
- Developed and implement a revitalized work plan reducing compliance and security costs by 18%.
- Developed a remediation plan that reduced risk by 58% through diligent execution of penetration testing and security assessments.
- Researched, planned and implemented business process and technical controls that reduced data loss, compromised and unauthorized access by 22%.
- Collaborated with other systems architects to design and develop infrastructure to support physicians, hospitals and post-acute organizations while protecting privacy and security.
- Interfaced with Architecture Review Board to ensure that architecture risk was properly classified and mitigated.
- Initiated threat management and security incident handling program that aligned patient needs and regulatory requirements with our compliance objectives.
Education, Certifications and Recent TrainingBachelor’s Degree in Computer Science and Engineering, University of Minnesota Certifications: MCSE, CISSP, CPHIT, CPHIE 2013 HIMSS Conference HIPAA Omnibus Rule Symposium 21st HIPAA Summit