Assist BU community with compliance requirements, including research contracts, state, and federal legal requirements.

• Work with stakeholders to improve policies, including university HIPAA and information security policies, research policies and templates, and clinic level procedures• Lead and manage the university HIPAA Information System Activity Review procedure• Work with clinic directors, IT, and other stake holders to implement new security controls and regular audit activities• Assist research contract review offices by explaining security requirements and recommending changes to Data Use Agreements• Provide guidance to researchers on Data Use Agreement compliance, and coordinate security control enhancements, such as HIPAA, HIPAA Limited Data Set, NIST 800-53, NIST 800-171, 21 C.F.R. Part 11, GDPR• Conduct risk assessments of internal systems as well as third-party systems (e.g., SaaS)• Coordinate audits by third parties, including HIPAA and CMMC• Work on enterprise risk management activities, such as identifying risks, determining risk level, and recommending corrective actions • Orchestrate completion of corrective action plans • Provide live training, sometimes in coordination with Boston Medical Center • Create a plethora of LMS training, such as HIPAA for clinics, Data Center Training, and HIPAA for researchers, in coordination with the Privacy Officer and other offices• Create regular security reminders • Serve as voting member on one of two BU Institutional Review Boards, and provide guidance on security issues to both• Investigate compliance and information security incidents, and make “breach” determinations, often in collaboration with the Incident Response Team, Privacy Officer, and other departments • Manage and lead a small team

• Investigated complaints and breach reports indicating noncompliance with HIPAA, ADA/Section 504, Title VI of the Civil Rights Act of 1964, Age Discrimination Act, and Section 1557 of the Patient Protection and Affordable Care Act• Provided technical assistance to improve policies, procedures, and practices at hospitals, insurance companies, state agencies, and other health related entities• Resolved most cases with corrective action, such as new or improved policies, and resolved some cases with resolution agreements and corrective action plans• Developed and delivered presentations for a plethora of audiences• Coordinated several joint agency investigations and resolutions, including Department of Justice, Civil Rights Division (ADA/504) and Department of Health and Human Services, Office of Inspector General (Federal False Claims Act)Security Rule Specialist (detail) August 2014 to February 2015, Washington, D.C.• Selected from many applicants to coordinate with the Senior Advisor for HIPAA Compliance and Enforcement and with regional staff on high impact case work involving Security Rule issues • Assisted with development and review of rules and regulations• Developed and delivered investigation guidance and training for regional offices