Kim Upshaw, CIPP/US, CIPM

Headshot

Drexel University

VP, Compliance, Privacy and Internal Audit Officer

For more than 20 years, Kim has held positions of increasing responsibility in health care compliance privacy, legal, regulatory and risk management organizations serving the academic, acute care, nursing care, behavioral healthcare, physician and pharmaceutical industries. 

As the first Vice President, Compliance & Privacy Officer TridentCare (formerly TridentUSA Health Services), Kim was responsible for establishing and continuing the development, implementation, revision and oversight of the Enterprisewide Compliance and Privacy Program. In this role, Kim served as the focal point for all Compliance Program activities, including health care, HIPAA privacy and security, elder justice, Medicare and state regulatory compliance concerns. Kim also served as the company’s first Chief Diversity Officer, with responsibilities for initiating and establishing diversity and inclusion goals within the organization, setting up the Diversity Council and addressing issues of equity for all employees and associates. 

Prior to joining Trident, Kim served as Associate Director in Marketing Compliance for one of the world’s major biopharmaceutical manufacturers. In this role, Kim implemented an auditing and monitoring program to ensure compliance with FDA labeling requirements and other health care regulatory standards. Kim later served as the Privacy Director for the organization’s global pharmaceutical sector. In that role, Kim was responsible to oversee the implementation of a privacy program that covered more than 60 countries throughout the world. She developed and trained “Privacy Stewards” in each country and guided their navigation and implementation of specific rules and requirements to protect personal data.

Kim has served as an instrumental member the health care compliance and privacy compliance groups at one of the
nation’s four top professional services firms, providing advisory services for the implementation of corporate compliance programs to colleges, universities and academic medical centers. While serving in this consulting capacity, Kim helped to grow the privacy practice from $2 million in annual revenues to more than $10 million annual revenues in less than two years. Kim’s work helped establish methodologies, assessments, compliance program standards, assurance mechanisms, and training and educational materials for the protection of personal information in a variety of industries and business operations. Specifically, Kim helped identify and define the implications of the Health Insurance Portability andAccountability Act (HIPAA) privacy rule on research operations at academic medical centers.  
 
Kim has authored several articles and white papers that offer HIPAA privacy rule implementation strategies for academic and research medicine and has presented on the effects of HIPAA on research privacy. Her article, “The HIPAA privacy rule: practical advice for academic and research institutions” (PMID: 11842502 ) is currently noted as one of the “most cited papers on Academies and Institutes, legislation & jurisprudence” at http://lib.bioinfo.pl/meid:218674/citpmid. She has presented on privacy and data protection at the Fourth, Sixth and Ninth National HIPAA Summit, the 63rd annual conference of the American Medical Writers Association, and numerous academic medical centers and physician groups.  
 
Kim has been an adjunct professor at the Widener University School of Law where she taught a course on Medical Information Privacy to J.D., LLM and Masters Degree candidates. Kim continues to mentor and teach J.D. candidates by participating in the Health Law Program at Drexel University School of Law in Philadelphia, PA, where she is also a member of the Health Law Advisors council. She is currently a member of the International Association of Privacy Professionals (IAPP) Training Faculty, facilitating education and preparation for the Certified Information Privacy Professional-US (CIPP-US) and Certified Information Privacy Manager (CIPM) exams. Kim obtained an undergraduate degree in business administration (BSBA, marketing) from Georgetown University, a law degree (JD) from Villanova University School of Law, and a masters in law (LLM, Health Law) from Widener University School of Law. Kim is a member of the Pennsylvania Bar, and has earned an Associate in Risk Management from theInsurance Institute of America. She is has earned both the CIPP-US and CIPM designations from the IAPP, along with the Certified Compliance and Ethic Professional (CCEP) designation from the Compliance Certification Board.