Boston, MA
Dec. 5-7, 2016
CISO and Privacy Officer
Health Partners

Mark Eggleston is a security program management professional with a unique background combining expertise in information technology, program and people management with diverse experience in managed care and healthcare provider systems.

Eggleston started his professional career serving as a Program Manager and Psychotherapist at a hospital serving children and adolescents. While there, he coordinated delivery of services, provided clinical guidance, and managed a cognitive-behavioral program, milieu, and therapy schedules. Also during Eggleston’s clinical career, he supervised several professional analysts responsible for utilization review and utilization management of behavioral health services across the state of Virginia. In addition to interpreting and guiding policy use, he assessed user requirements and collaboratively designed database interface to more efficiently process reviews.

Later, Eggleston helped develop an internal compliance approach, complete with policies and tools, ensuring a geographically dispersed healthcare provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Serving as a consultant, program manager and project manager across the provider organization, he researched, wrote and communicated corporate policies, procedures, guidelines and forms to meet federally mandated privacy and security requirements. Eggleston also created and maintained a corporate web site for organization-wide dissemination of program documents, web conferences and compliance information to ensure effective and timely delivery of compliance resources.

More recently, Eggleston applied his HIPAA expertise to a local health plan by developing a privacy and security compliance program, maintaining compliance with HIPAA’s privacy, security and standardized transaction regulations. As part of this program, Eggleston designed and executed a comprehensive privacy and security education program for all employees to ensure compliance with HIPAA. He was then promoted to direct the health plan’s security and business continuity programs where he has helped to implement an email encryption solution, single sign on (SSO) and secured network drive and folder structure. Other successful endeavors have included the implementation of a quarterly vulnerability and penetration test and regular audits of role based access across disparate systems.

Eggleston received his Bachelor of Science degree in Psychology from Radford University and his Masters in Social Work from Virginia Commonwealth University. Later, he received his Post Baccalaureate Certificate in Management Information Systems. Eggleston earned a Certification in Healthcare Privacy and Security (CHPS) from the American Health Information Management Association (AHIMA) and the Health Information and Management Systems Society (HIMSS), respectively. Additionally, he obtained the GIAC GSEC (Global Information Assurance Certification – Security Essentials Certification) and the Certified Information Security Systems Professional (CISSP) from ISC2.

December 6, 2016
11:00am - 11:45am
Grand Ballroom

When it comes to privacy & security, many of the people, processes, and technology that work today, likely will not be as effective in in a year or two, maybe not even next month. That's the nature of the beast in healthcare's fast growing threat landscape.

In this session, our panel of experienced healthcare security leaders discuss their organizations’ long-term strategic plan. What do they expect their security teams and programs to look like two to five years from today? What new skills must the CISO possess? How will they address and stay head of growing and emerging threats such as malware and the Internet of Things? How will they simultaneously allow access to and secure big data? Will they move to the cloud? Do they expect to outsource more services? What is their approach to consumerism and mobile security?

Wayne Gretzky said, “I skate to where the puck is going to be, not where it has been.”

In this session, attendees will hear the privacy & security equivalent of that quote, and in the process gain insights into how to evolve their own programs.

Get Updates

Sign up to get the latest information on upcoming events.