William Chan,CISSP, CPHIT, CPHIE Minneapolis, Minn. 00000 ♦ 000.555.1212 ♦ wchan@email.com

Healthcare IT Compliance and Security Officer

History of fostering credibility, independence, integrity, confidentiality and trust with patients, healthcare providers, employees and administrators and nurturing a culture of compliance by leveraging in-depth knowledge of HIPAA, regulatory and legal standards, risk and compliance control and hands-on experience with security and architecture of infrastructure systems.

Qualifications Summary

• Won back constituent trust by performing rigorous security risk assessments and utilizing ISO 27001/27002 as a control structure which reduced incidents by 38%.
• Launched an incident investigation program, recommending sanctions as necessary.
• Oversaw the troubleshooting, protection and management of infrastructure systems such as DNS, email, VPN, wireless networks, firewalls and enterprise authentication.
• Architected user identification solution to provide automatic logout for computer workstations in high-traffic clinical areas.
• Authored, administrated and delivered an in-depth training program that communicated security-related concepts and rules to a broad range of technical and non-technical staff.

Toolbox

Storage Area Networks, VMware, Citrix, Virtual Desktop Applications, Tape Backup Units, Business Continuity and Disaster Recovery(BC/DR), MS Office, Windows 2003/08, Web Applications, Wireless Networks, Shell Scripting, EMR/EHR Technology, Enterprise Network Architecture Framework, Network Engineering

Communication, Prioritization, Security, Disaster Recovery & Continuity Planning, Multi-Tasking, Project Management, Commitment to Excellence, Risk Analysis and Audit, Privacy Laws, FCPA, HIPAA, Export Control Act

Professional Experience

University Health Systems2008 to present Garnered two promotions by improving data security and HIPAA compliance, reversing a history of incidents that violated the trust of key constituents at this top-rated university healthcare organization consisting of three hospitals and six clinics. IT Compliance and Security Officer

• Commissioned an audit as part of a comprehensive effort to review and strengthen information security, compliance and privacy policies.
• Devised a strategic plan for information security risk management to meet regulatory requirements and audit recommendations that received unanimous support from the chief security officer, CIO, medical practitioners and the board of trustees.
• Composed and deployed a unifying governance standard encompassing all applicable elements of HIPAA. Authored and delivered HIPAA training to employees and managers.
• Authored, implemented and oversaw an enterprise-level incident response plan.
• Investigated alleged non-compliance issues and audited and monitored key activities.
• Emboldened the exception management process by tracking policy exceptions, working with security architects to evaluate requests, coordinating responses and reviewing requests for renewals.
• Commissioned robust configuration changes for perimeter security devices.
• Developed and implement a revitalized work plan reducing compliance and security costs by 18%.

Architect, Security Operations Spearheaded an initiative to improve data security and privacy while serving as an architect focused on security operations.

• Developed a remediation plan that reduced risk by 58% through diligent execution of penetration testing and security assessments.
• Researched, planned and implemented business process and technical controls that reduced data loss, compromised and unauthorized access by 22%.
• Collaborated with other systems architects to design and develop infrastructure to support physicians, hospitals and post-acute organizations while protecting privacy and security.
• Interfaced with Architecture Review Board to ensure that architecture risk was properly classified and mitigated.
• Initiated threat management and security incident handling program that aligned patient needs and regulatory requirements with our compliance objectives.

IT Solutions Architect Conducted information security assessments, developed risk remediation plans while developing architectural blueprints/service patterns and overseeing the delivery of healthcare solutions, including evaluation and assessment of new projects, change controls and defects. MegaScripts, Solutions Architect2005 to 2008 Designed and implemented a comprehensive technical infrastructure that improved security and performance by diagnosing and resolving weaknesses in the existing applications architecture. Helpful Pharmacies, Security Engineer and Architect2000 to 2005 Responsible for network infrastructure design, implementation planning, deployment support, software strategy, system troubleshooting, performance engineering and optimization and maintenance strategy.

Education, Certifications and Recent Training

Bachelor’s Degree in Computer Science and Engineering, University of Minnesota Certifications: MCSE, CISSP, CPHIT, CPHIE 2013 HIMSS Conference HIPAA Omnibus Rule Symposium 21^st HIPAA Summit