2012 May - Trends & Challenges in Healthcare IT Security, Compliance and Audit

When: May 2, 2012  1:30 p.m. to 4:00 p.m.

Where: RTP Headquarters

CPEs: Up to 3

Materials: Handout 1  Handout 2 Handout 3 Handout 4

Registration: Through website

Session I - Chapter Elections

Session II - Trends & Challenges in Healthcare IT Security, Compliance & Audit

Opportunities and challenges abound, as privacy, security and regulatory compliance concerns permeate every segment of the health industry. ISACA RTC will host a panel discussion on trends and challenges in healthcare IT security, compliance and audit. In this panel discussion, healthcare professionals from Duke, UNC and other leading healthcare systems in the area will join us to share their insight and lessons learned.

Panel Participants: Mark Phillips, Jacqueline Gillie-Buntyn, Marjorie Ford, Joan Podleski and Judy Baker

Mark Phillips, Director of Internal Audits, Duke University:

As the Director of Internal Audits - IT at Duke University and Duke University Health Systems, Mark is responsible for all IT audit activities and reports to the Executive Director of Internal Audits.

Prior to joining Duke in June 2006, Mark had nine years of experience with the Sara Lee Corporation. In this role, he managed the IT audit function for 10+ domestic and international entities across North America, Mexico, Central America, and Japan, as well as the corporate office, a shared business services center, and a data center. Mark also worked with senior management in the development and implementation of an approach for IT compliance with the Sarbanes-Oxley Act of 2002.

Mark holds a bachelor's degree in Business Administration from East Tennessee State University and is a member of the IIA and ISACA. Mark is a CIA and CISA.


Jacqueline Gillie-Buntyn

Jacqueline Gillie-Buntyn was the Chief Information Officer and Information Security Officer for the Naval Hospital, Cherry Point for 21 years. In this role, she provided policy direction, leadership, and oversight of the day-to-day functional activities of the Information Management Department, including network infrastructure, information security, desktop computing resources, and telecommunications that supported multiple tenants onboard MCAS Cherry Point.

Jacqueline holds a Master of Business Administration from Columbia Southern University, Bachelor of Science in Computer Science from Bradley University, Bachelor of Science in Management/Logistics from Park University, and an Associate Applied Science in Paralegal Technology from Carteret Community College.  She is a CISSP, CRISC, CISM, FITSP-M, and Security+.


Marjorie Ford, Information Security Analyst, Thomson-Reuters Healthcare

Marjorie is the Senior Information Security Analyst with Thomson Reuters Healthcare’s Security Management Team. She specializes in integrating Application Security into the system development process, Application Security Training, and HIPAA, HITECH and SOX Compliance. Her 18 years of experience in Healthcare, Government, and Financial vertical markets includes such clients as Fidelity Investments, NC Department of Health and Human Services, GSK, and Quintiles.

Her current certifications include Certified Information Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Fraud Examiner (CFE). She has obtained Microsoft (MCSD, MCSE) and Novell certifications (MCNE).



Joan M. Podleski, Director of the Institutional Ethics & Compliance Program, Duke University

Ms. Podleski has been involved in academic management for over 25 years. Since August of 2007, she has been at Duke University as the Director of the Institutional Ethics & Compliance Program. In that role, Ms. Podleski is responsible for coordinating compliance risks across the entire academic enterprise, supporting an institutional culture of compliance, and ensuring that appropriate compliance programs and plans are in place for the over 400 regulatory issues that apply to the institution.

Ms. Podleski has spoken at academic medical and compliance association meetings on topics ranging from compliance to change management and service-oriented operational models. She has also made presentations and published articles on the HIPAA privacy regulations and their impact on research, clinical operations and facilities. She helped to write the Health Care Privacy Certification exam sponsored by the Health Care Compliance Association (HCCA) and is a faculty member for the HCCA academy given three times a year to candidates for the certification exam.


Judy Baker, HIPAA Security Compliance, UNC Health Care

Judy’s current responsibilities include HIPAA Security Compliance for UNC Health Care. Judy has twenty-seven years of internal/IT audit, information security and privacy experience, with 20 years in healthcare. Ms. Baker served as the Information Security and Privacy Officer for UNC Health Care System and headed up UNC Health Care Systems’ HIPAA Implementation Project. “Before HIPAA,” Ms. Baker established the Information Security Administration Department in 1996 and the IT Audit function for UNC Hospitals in 1991. As part of her role in Information Security, she developed and implemented a Hospital-wide Information Security Program, which included the development of security policies, procedures and standards, centralization of security administration, serving as Chair of the UNC Hospitals Information Security Steering Committee and Chair of the UNC Hospitals Security Incident Response Team, and development and performance of Information Security education for UNC Hospitals’ workforce.

Judy has a business degree in Information Systems and Management from Appalachian State University and obtained her Certified Information Systems Auditor (CISA) certification in 1991. Further, she has been an active member of the NCHICA Privacy and Security Officers Workgroup and the local chapter of ISACA.