Fall 2024 Course: Masters of Health Informatics 407-DL: Legal, Ethical, and Social Issueshttps://sps.northwestern.edu/masters/health-informatics/faculty.php

Founded and lead Data Strategy Advisors (DSA), a boutique consultancy dedicated to empowering businesses to innovate through digital governance and compliance strategies. DSA manages high-impact projects, delivering actionable solutions and elevating privacy programs to meet the evolving needs of today’s data-driven landscape. Lead the development and execution of the company's strategic vision, driving alignment with evolving industry trends and client needs.

As Regeneron’s first Chief Privacy Officer, I successfully established a comprehensive and sustainable global Data Privacy Office (DPO), seamlessly integrating legal and compliance frameworks while fostering a company-wide commitment to data privacy. In this role, I not only cultivated a culture where every employee recognizes the importance of the data they handle, but also built a team that balances business priorities with an unwavering commitment to compliance. Additionally, I provided strategic guidance and a governance approach for the adoption of artificial intelligence solutions, chaired the AI Ethics Committee, and served as a member of the AI Advisory Committee, driving ethical AI practices and innovation throughout the organization.

Develop and oversee Danaher’s global data privacy/protection program, and serve as Danaher’s EU Data Protection Officer.

• Partnering with business functions to building strong compliance processes• Identify and manage legal solutions for global data transfers and data processing• Assist Chief Information Officer in developing strategies for IT solutions to ensure alignment between security and privacy• Leading global assessments of data privacy across AbbVie and creating remediation plans• Developing global policies, functional procedures, and training programs• Responsible for providing privacy compliance and legal counsel to AbbVie’s specialty pharmacy • Responsible for driving the development of AbbVie’s vendor due diligence process• Responsible for analyzing and implementing incident response for data breaches • Manage and negotiate complex global IT and commercial contacts• Provide strategy for complex infrastructure and service implementations• Expanded US-EU and US-Swiss Safe Harbor employee data certification to include clinical and customer data, and manage annual recertification (currently implementing solution resulting from European Court of Justice Safe Harbor ruling)• Evaluate and comment on proposed data privacy regulatory and policy initiatives• Serve on AbbVie’s Compliance Council, PCI Governance Committee, PCI Review Board, and Global Policy Counsel

Hired after a year of the role being vacant and managed US privacy concerns during the business separation of Abbott and AbbVie. • Managed Abbott’s Privacy Office, including three senior privacy paralegals.• Partnered with business divisions and functions on a variety of global privacy issues regarding compliance and appropriate use of clinical, customer and employee personal data.• Developed HIPAA Policies for Abbott Covered Entities, and managed the development of their HIPAA procedures and training.• Developed the Abbott Data Breach Analysis Procedure.. • Collaborated with Global Information Security and other stakeholders in the development of the Abbott Incident Response process and policy for handling data security breaches.• Collaborated with IT and Quality Engineering in the development of the Abbott IT Privacy training.• Streamlined the Business Associate Agreement process by developing a centralized escalation process and BAA Negotiation Playbook.• Participated on the Abbott Template Committee.

Promoted to a newly created central role to develop the GE Healthcare privacy structure, provide legal counsel and leadership regarding privacy and data protection concerns.• Operated at a global level across all of GE Healthcare’s products and functions as a subject matter expert and was responsible for leading efforts to accomplish internal compliance and enable company’s compliance with global data protection requirements by leading the GE Healthcare Privacy Center of Excellence in the development of effective solutions & tools, internal policies & procedures, controls, training, awareness, and the overall privacy program.o Developed, obtained global stakeholder approval and implemented GE Healthcare’s Privacy Policy and supporting guidance documentation. .o Collaborated with product, functional, and external experts to manage privacy incident affecting thousands of customers worldwide.o Assessed privacy resource needs and managed 20+ privacy leaders and pivot points globally, dotted-line reports.o Created global privacy and information security training material and strategy.o Developed and maintained GEHC’s Privacy Knowledge webpage.o Collaborated with Quality and Engineering to integrate privacy and security controls in product development.o Collaborated with IT and Sourcing in the development of privacy due-diligence checklists and assessment tools, this impacted all functions across GEHC.o Responsible for standardizing and negotiating privacy obligations in customer and supplier contacts globally.

Hired into a newly created role to provide legal counsel and leadership regarding privacy and data protection issues. • Quickly developed a strategy and credibility as subject matter expert and obtained leadership buy-in and employee awareness about privacy and data protection issues globally. Continually conducted audits of the business and vendors to assess how and where data is used, risk areas and compliance gaps. o Created and maintained comprehensive data protection policies and the privacy program structure.o Lead 50+ employees in the role of a privacy focal point. The privacy focal points maintains conformance with the privacy program within their functional teams.o Developed and frequently delivers a comprehensive training initiative to all employees to raise awareness of their obligation to the appropriate use and protection of data.o Result: Resolved privacy issues, closed gaps and transformed the culture into one that is sensitive about privacy issues and how data is used/maintained.• Collaborated with Product teams throughout the development cycle for numerous new and updated products and services. Provide input and resolve problems with applications and services that manage and control data. Created the Privacy Assessment Compliance tool, which contributed to the successful development of innovative secondary uses of data. Provided expertise in the development GE Healthcare’s Cloud Computing type offerings (IaaS, PaaS, SaaS).• Conducted business-wide audits to assess compliance with privacy/data protection laws and GE’s policies. Monitored processes, operations and systems and resolve any identified issues. • Conducted contract negotiations and develops appropriate standard language and other customer-facing documentation.• Established and administered a process for identifying and mitigating complaints and data breaches. Investigates and resolves issues and communicates with employees and customers where appropriate.

Hired into a newly created role to provide legal counsel and leadership regarding privacy and data protection issues for a $18B division of GE. -Quickly developed a strategy and credibility as subject matter expert and obtained leadership buy-in and employee awareness about privacy and data protection issues. Conducted an audit of the business to assess how and where data was used, risk areas and gaps. --Created comprehensive policies and privacy program. --Developed and lead 50+ employees in the role of a privacy focal point. The privacy focal points maintains conformance with the privacy program within their functional teams.--Developed and delivered a comprehensive training initiative to all employees to raise the awareness of privacy issues and raise awareness with the policy.--Result: Resolved privacy issues, closed gaps and transformed the culture into one that is sensitive about privacy issues and how data is used/maintained.-Collaborate with Product teams throughout the development cycle for numerous new and updated products. Provide input and resolve problems with applications and services that manage and control data.-Conduct business-wide audits to assess compliance with privacy/data protection laws and GE’s policies. Monitor processes, operations and systems and resolve any identified issues. Provides guidance and conducts contract negotiations, and verify appropriate standard language is used in contracts and other documentation.-Established and administer a process for mitigating complaints and data breaches.-Monitor new privacy and data protection laws (Federal, state and International). Considered a subject matter expert on privacy and data protection laws: contribute to white papers, interviewed for articles and speak at conferences. Advises government affairs function on legislative policy and advocacy.-Finalized the approach for EU privacy compliance by instituting a EU model contracting process.

Focused on providing legal support to the Health Privacy Project within the CDT.