Board of Advisers

Our exclusive board of advisers guides this site’s coverage of security, fraud, privacy, risk management and other key issues. These experts provide input about the latest hot topics and contribute insight for news coverage, podcast interviews and guest blogs. They regularly offer expert advice about regulatory compliance and the current threat landscape, as well as provide insights about risk management strategies and security technologies.

Dixie Baker

Dixie Baker

Partner, Martin, Blanck and Associates

Baker became a Senior Partner with Martin, Blanck & Associates in 2012. Since May 2009, Dr. Baker has served as a member of the Health Information Technology (HIT) Standards Committee (HITSC), a Federal Advisory Committee (FACA) created by the American Recovery and Reinvestment Act of 2009 to advise the Office of the National Coordinator for Health Information Technology (ONC). She chairs the HITSC's Privacy and Security Workgroup and the Nationwide Health Information Network (NwHIN) Power Team. She also serves on the HIT Policy Committee's Privacy and Security Tiger Team, which advises the ONC Chief Privacy Officer regarding national policy to protect the security of electronic health information, and the privacy of healthcare consumers.

Charles Christian

Charles Christian

CIO, St. Francis Hospital

Christian, who has more than 40 years of healthcare experience, is the 2015 chairman of the College of Healthcare Information Management Executives, an executive organization that serves CIOs and other senior healthcare IT leaders. Christian is the former chairman of the board of the Healthcare Information and Management Systems Society, an association of information technology professionals. He was CIO at Good Samaritan Hospital in Vincennes, Ind., for 23 years before joining St. Francis Hospital in Columbus, Ga., in January 2013.

Eric Cowperthwaite

Eric Cowperthwaite

Vice President, Core Security Inc.

Prior to joining Core Security in 2013, Cowperthwaite was CISO of Providence Health & Services, where he was responsible for the information security governance and risk management efforts of the Seattle, Wash-based healthcare provider, which has 250 clinics and 27 acute care hospitals. Before joining Providence in 2006, Cowperthwaite was a consultant at EDS. He also worked in a variety of information security positions in the financial sector and the U.S. Army.

Devor Culver

Devor Culver

CEO, HealthInfoNet

Culver, before joining HealthInfoNet in 2006, was CIO at Eastern Maine Healthcare, an integrated delivery network. He formerly held senior management positions at Eclipsys Corp. and Cerner. He has served on Maine's State Information Systems Advisory Board and was co-chair of the Governor's Task Force on Telemedicine. He's also served on the Certification Commission for Health Information Technology's task force on health information exchange networks and the American Health Information Management Association's state-level health information exchange steering committee.

Brian Evans

Brian Evans

Principal Consultant, Tom Walsh Consulting

Evans is a principal security and privacy consultant at Tom Walsh Consulting. Previously, he was information security officer at The Ohio State University Health System, Atlantic Health, Fletcher Allen Healthcare, New York Hospital Queens and University of Alabama Birmingham Health System. He also led the incident response and computer forensic investigations teams for Nationwide Insurance and was vice president of IT risk management at KeyBank and JPMorgan Chase. Evans started his career as a medic in the U.S. Air Force.

Sharon Finney

Sharon Finney

Corporate Data Security Officer, Adventist Health System

Finney sets the data security strategy to ensure the confidentiality, integrity and availability of the 37-hospital system's information assets. Adventist Health System supports 43 campuses and include more than 7,700 licensed beds, providing care for four million patients each year in inpatient, outpatient and emergency room visits. Prior to joining Adventist Health System, Finney spent four years in healthcare security management for Dekalb Medical Center in Atlanta, Ga. She also worked for major U.S. organizations as an information technology consultant where she developed skills in compliance and risk management and technical expertise in system architecture, database administration, data migration and security.

Adam Greene

Adam Greene

former Regulator, U.S. Department of Health and Human Services; Partner, Davis Wright Tremaine LLP

Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. He primarily counsels health care providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Greene was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, he was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Greene is the Chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues.

John Houston

John Houston

Vice President, Privacy and Information Security, and Associate Counsel

Houston is vice president, information security and privacy, and associate counsel for University of Pittsburgh Medical Center, an $11 billion health system. At UPMC, Houston handles such issues as privacy, information security and legal matters associated with the acquisition, licensing and use of technology. He is an adjunct assistant professor in the department of biomedical informatics at the university's school of medicine.

Mark Olson

Mark Olson

CISO, Iron Mountain

Before joining Iron Mountain in 2013, Olson served for 10 years as CISO at Beth Israel Deaconess Medical Center in Boston, where he was vocal in encouraging regulators and manufacturers to improve medical device security provisions and safety problem reporting. Olson previously has held various engineering and management positions at NCR, Digital Equipment Corporation (now HP), Electronic Data Systems (now HP) and Callisma (now AT&T Professional Services).

Christopher Paidhrin

Christopher Paidhrin

Chief Information Security Officer, City of Portland

Prior to his role at the City of Portland, Paidhrin was the security administration and integrity manager in the compliance division of PeaceHealth, a healthcare delivery system in the Pacific Northwest, where he worked for 14 years. He previously served as PeaceHealth's IT security compliance officer. Prior to PeaceHealth, Paidhrin worked for many years in IT and business operations in higher education, the private sector and entrepreneurial environments, where he has held numerous director-level positions. He has also presented at numerous industry events.

Shelia Searson

Shelia Searson

Privacy Officer, UAB Medical Center

Prior to transitioning to her current post, Searson served as program director in UAB's HIPAA Office, where she was a member of the HIPAA team responsible for communicating and initiating activities needed to comply with the HIPAA Privacy Rule and Security Regulations for UAB as well as the UAB Health System HIPAA-covered entities. Her professional affiliations include the International Association of Privacy Professionals, through which she is a certified information privacy professional, and the American Health Information Management Association.

Tom Walsh

Tom Walsh

President, Tom Walsh Consulting

Walsh, CISSP, is president of Tom Walsh Consulting firm that advises healthcare organizations on risk management strategies, risk analysis, disaster recovery planning, security training, and remediation activities. Walsh also serves as information security officer at San Antonio Community Hospital on an outsourced basis. He serves as the information security consultant for several organizations including a community-based hospital, a multi-hospital health system, and a large physician organization. Prior to starting his own business nine years ago, Walsh's experience included being the first information security manager for a large, multi-hospital healthcare system in Kansas City.