Prior to joining Ankura, Ruby advised clients on developing privacy programs and the effectiveness of existing privacy and compliance programs, as well as the protection and storage of sensitive information for healthcare organizations and HIPAA-regulated business associates. Ruby also has experience as a compliance officer at a number of medical institutions.
Ruby’s professional experience includes:
- Implemented a HIPAA privacy program for medical device company, operating as a business associate, including drafting of all HIPAA privacy, security, and breach notification policies, performing HIPAA security risk assessment.
- Served as interim HIPAA privacy investigative management for hospital system, including conducting HIPAA breach analyses and logging potential incidents.
- Served as an interim privacy director for a major university healthcare system.
- Performed HIPAA security risk assessment for hospital system in response to security incident and privacy program enhancements.
- Advised on the development and maintenance of a comprehensive compliance program and HIPAA privacy program for private academic medical center and university, including a dental school; advised on processes to ensure federal and state compliance with privacy and healthcare requirements.
- Advised on the drafting and maintenance of healthcare compliance and privacy policies and procedures; provided consultative services on dissemination, interpretation, and application of policies.
- Advised on conducting investigations of potential federal and state privacy and security breaches; assisted in the drafting mitigation and corrective action plans for submission to the Office for Civil Rights, in coordination with applicable business associates.
- Advised on issues relating to privacy and patient confidentiality to providers, medical staff, administrative leaders, and patients.
- Advised on the design of multiple monitoring programs and risk assessments of privacy and security risks and potential breaches, including identification of potential unauthorized access to the electronic medical record.