About
I work at the intersection of Healthcare Technology Compliance and AI governance: ONC certification strategy, HITRUST validated assessment support, and AI governance program development under ISO/IEC 42001 and the NIST AI Risk Management Framework.
Background
Fourteen years inside Drummond Group’s ONC-Authorized Test Lab and Certification Body, supporting roughly 100 Health IT developers through more than 200 test events and assessments. Roles ranged from Health IT Test Proctor to Senior Cybersecurity Assessor in HITRUST Services to Senior Program Engineer in Research, Innovation, and Development. The last role focused on emerging certification programs (FHIR Client Applications, pediatrics, alternative testing methods) and the regulatory analysis behind growth strategy.
Areas of work
Health IT compliance
- ONC certification: HTI-1 implementation, quarterly ONC-ACB attestations, Real World Testing, Conditions of Certification, USCDI v3 to vNext path, CMS-0057 / HTI-4 electronic prior authorization readiness, HTI-5 deregulation analysis, follow-on rulemaking
- HITRUST validated assessment: e1, i1, and r2 readiness and validated assessments; gap analysis; policy remediation; MyCSF administration; PRISMA scoring; QA response
- HIPAA Security Rule analysis, with AI overlay where Predictive DSI obligations interact with HIPAA risk requirements
AI governance
- Credited contributor to the Coalition for Health AI Responsible AI Guide (Appendix 3: Privacy and Cybersecurity Profile); author of Appendix 1’s Clinical Operations and Administration use case (Prior Authorization with Medical Coding)
- Member of the NIST AI Safety Consortium and CHAI working groups
- Built a cross-mapping between Singapore’s AI Verify Testing Framework, ISO/IEC 42001, NIST AI RMF, and ONC HTI-1 § 170.315(b)(11) source attributes
Credentials
- HITRUST Certified CSF Practitioner (CCSFP), 2017 (recertified 2024)
- Certified Information Systems Auditor (CISA), ISACA
- Master of Science in Cybersecurity and Information Assurance, Western Governors University
Working with me
Most engagements begin with a scoping conversation. The output is a defined deliverable: a regulatory impact assessment, a HITRUST gap analysis, a policy and procedure package, an AI Management System readiness review. I work as a fractional contractor to organizations that need experienced compliance and governance support without scaling an internal team.