This document provides a summary of David Loewy's professional experience and qualifications. It lists his contact information and outlines his over 15 years of experience in healthcare IT project management, with a focus on areas such as HIPAA compliance, ICD-10 implementation, and EHR deployments. It also lists his technical skills and software proficiencies.

1. DAVID LOEWY
CARY, NC
919-297-2902
DLOEWY@HCICORP.ORG
PROFESSIONAL SUMMARY:
• Deep applied healthcare knowledge in working with physicians, hospital, and payers
• Demonstrated working relationships with hospital CIOs and IT leadership teams
• Ability to create and communicate compelling visions to senior executives with an ability to
leverage logic, experience, facts, and passion to influence others.
• Understanding of marketplace products, emerging technologies, and applicability to client
environments
• Solicits thought leadership from the team and demonstrates steadfast and sound decision ability in
addressing problems with business solutions
• Exudes exceptional written and verbal communication skills
• Accomplished Certified Project Director with over fifteen years professional experience in the
healthcare industry.
• Subject Matter Expert on HIPAA, Meaningful Use and ICD-10 (US, EC & Asia)
• Proficient in working with remote on and offshore team members and vendors involving software
development, integration and infrastructure deployment projects
• Successfully implemented processes and procedures related to the healthcare industry and
regulatory practices
• Consistent ability and experience to ensure on-schedule and on-budget project delivery.
• Working knowledge of Federal Financial Institutions Examination Council (FFIEC) guidance,
GLBA, Sarbanes-Oxley and other relevant laws and regulations
• Well versed in Disaster Recovery and Business Continuity planning and development
• Knowledge of and experience with industry-recognized information security-related standards
and frameworks such as ISO2700x, COBIT, PCI-DSS, and NIST
• Experience in Regulatory, IT Risk Management and IT Security Policies
• Proficiency with Risk Management Audit Development
TECHNICAL SKILLS & SOFTWARE
SKILLS SOFTWARE
• Certified Project Director • Medicaid • MS Project/Server
• PMI • Medicare • Clarity
• PMBOK • MITA • Primavera
• Waterfall • CMMI • EHS/EMR
• Agile/SCRUM • SDLC • MS Office
• HIPAA Privacy, Security • NIST • SharePoint,
• Hi-Tech Act • MMIS • Facets
• SOX • FISMA • NASCO
• Security Assessment
Development
• ISO 17799 • Cerner
• Gap Analysis • ISO 27001-2005/2013 • Epic
• FDA Compliance • Failure Mode Effect Analysis • Allscripts

2. • Disaster Recovery Planning • Business Continuity Planning •
PROFESSIONAL EXPERIENCE:
HealthCare Informatica Corporation, Cary, NC 05/ 1998 – Present
All projects listed below were done under this corporation
Program Manager
• Oversee ICD-10 compliance and testing oversight for multiple provider practices.
• Provide subject matter expertise related to HIPAA Information Security policy, standards, IT Risk audit
programs for multiple clients (both covered entities and business associates)
• Develop Project Management Office to direct and oversee all activities.
• Develop 58 Information Security and Privacy policies, procedures, standards, and guidelines based on
knowledge of best practices and compliance requirements.
• Project managed implementation of Policies, Procedures, required supporting material including disaster
recovery plans and risk management programs.
• Collaborate with team and stakeholders on the creation, publication, and maintenance of policies,
standards, baselines, and procedures based upon published authoritative sources (HIPAA, NIST and WEDI
etc.)
• Coordinate with risk partners (audit, compliance, legal, risk management) groups to document processes
and communicate related information to stakeholders
• Develop HIPAA Privacy and Security Audit Methodologies
Cleardata (Phoenix, AZ), MedCPU (NY & Tel Aviv. Israel) 02/2015 – 04/2015
HIPAA Privacy & Security SME & Program Manager (contract)
• Formulated program response to HIPAA privacy and security assessment for Merck partner
• Developed and established policies and procedures as required by HIPAA
• Implemented a repeatable risk assessment program
• Designed HIPAA training program
• Managed remediation program both in the States and Israel
CNA Insurance, Chicago, IL 05/2014 – 01/2015
HIPAA Privacy & Security SME & Program Manager (contract)
• Provided subject matter standards and IT Risk programs related to Information Security policies
• Developed repeatable methodologies to support ongoing industry changes for annual HIPAA Privacy and
Security Risk Audit
• Formulated enterprise wide data storage for entire program.
• Conducted 1st Enterprise wide internal HIPAA Risk audit
• Provided audit results document including gaps
• Demonstrated steadfast and sound decision ability in addressing problems with solutions
• Managed strategic vendor relationships (IBM, KPMG, etc.)
• Participated in recruiting, mentoring, and professionally developing a team of best in class security team
members
• Reviewed and approved program remediation proposals (scope, level of effort estimates, and schedules)
and SOWs prior to presentation to corporate management and stakeholders
• Provided management oversight and escalation path to internal relationships while team members are
delivering HIPAA remediation efforts
• Reviewed project deliverables prior to delivery to ensure quality of deliverables were consistent with best
practices and addressed issues , provided recommendations and aligned with CNA strategies
• Developed and maintained policies and procedures addressing access, use and disclosure of protected
health information.

3. • Created and maintained educational materials and programs related to privacy, security, and confidentiality
of protected health information offerings and product offerings.
Hartford HealthCare, Hartford CT 02/2013 –03/2014
ICD-10 Program Director (contract)
• Conducted Organizational ICD-10 assessment
• Designed and implemented Program Office
• Initiated 9 projects work streams
• Developed Governance Templates
• Planned SharePoint program site
• Wrote scope including remediation of 9 facilities and over 3,000 physicians
• Led enterprise wide application data flow and workflow mapping
• Developed enterprise wide program data storage schema
• Turned project over (by design) to FTE
Maine Medical Center , Portland, ME 06/2012 – 02/2013
Senior Project Manager (contract)
• Validated Ernst & Young ICD-10 audit
• Reviewed and revised Disaster Recovery Program
• Launched ICD-10 remediation project
• Designed Implementation Roadmap
• Established remediation budget
• Formulated ICD-10 test strategy
• Introduced remediation organizational structure
• Developed management tools and templates
• Developed weekly/monthly reporting metrics
Roswell Park Cancer Institute , Buffalo, NY 03/2012 – 06/2012
Senior Project Manager short term assessment and audit program (contract)
• Evaluated IT, HIM, Clinical Care, Payers and Finance areas for ICD-10 Impacts
• Reviewed financial processes, clinical Impacts, software systems, existing contracts with payers and other
service providers for ICD-10 impact
• Developed Remediation project plans
• Captured Work flows and data flows for all internal systems
• Surveyed application vendors for ICD-10 plans and implementation scenarios
• Assigned vendor risk and developed amelioration plans for commercial systems and interfaces
CHS (Community Health Systems), Nashville, TN & Foley AL & Galesburg, IL 01/2011 – 03/2012
Senior Project Manager, Meaningful Use EHR Deployment (contract)
• Managed hospital executive and physician expectations with the on the ground medical staff including
nurses and technicians, work in partnership with the ground technical resources to include systems analysts
and programmers and collaborate with vendors and support staff in the deployment of the Meaningful Use
EHR
• Managed successfully installation of 6 EMR systems at associated facilities
• Coordinated the efforts of multiple constituencies in a complex organizational environment

4. • Created and executed project work plans and revised as appropriate to meet changing needs and
requirements.
• Coordinated and maintained all documentation, communication and SDLC artifacts through enterprise
wide data storage system.
KCI, San Antonio, TX & Charlotte, NC, Billings, MT & Budapest, Hungary 01/2010 – 01/2011
Program Manager (contract)
• Served as a lead consultant responsible for all aspects of planning, organizing, budgeting and managing of
the HIPAA 5010/ICD 10 EDI system implementation
• Developed and supervised the project requirements, schedule, staffing and budget
• Provided project status reports to senior management, team members, customers, and other stakeholders
Electronic Health Resources, LLC 04/2009 – 01 2010
Senior Healthcare Consultant/Project Manager (contract)
• Maintained Subject Manner Expertise in ARRA (American Recovery and Reinvestment Act of 2009)
HITECH (Health Information Technology for Economic and Clinical Health Act), Medicaid/Medicare
Meaningful Use Incentive Program, Meaningful Use, CHIP (Childs Health Insurance Program), EHR
Certification, ICD 10 and other initiatives
Client: CGI
Senior Healthcare Consultant/Project Manager
• Responsible for CGI’s RFP responses for Massachusetts State Medicaid HIT Request for Quotation which
included:
o Examining interrelationships with current HIT (Health Information Technologies) initiatives and
MMIS (Medicaid Management Information Systems)
o Leading the MITA (Medicaid Information Technology Architecture) Assessment team
o Facilitating the Medicaid Meaningful Use EHR (Electronic Health Recording) Incentive Program
and System Certification
o Developing methodologies and workflows required and presenting to the commonwealth
o Developing Medicaid IQD which included:
o Reviewing and Conduct a Comparative Analysis of multiple State Medicaid HIT plans
o Developing new HIT business areas and associated business processes
o Developing a series of assessment methodologies for the Medicaid Enterprise Certification Toolkit
and provided guidance and checklists to aid in state Implementation States Implementation-
Advanced Planning Document (APD)
District of Columbia Government (Office of CTO) 02/2008 – 03/2009
Senior Project Manager (contract)
• Designed and developed the organization HIPAA 4010 – 5010 transition strategy in more than 140
agencies
• Developed and amended HIPAA associated policies, plans, and procedures
• Implemented preventive compliance measures as it relates to Part 164 of the HIPAA Security Rule leading
to 4010 compliance
• Evaluated the existing District agencies to determine covered entity status and current HIPAA regulations
• Conducted Gap audits and developed risk and impact analysis reports
• Developed and deployed project approach and infrastructure through the organization of external and
internal resources
• Reviewed and revised disaster recovery programs

5. • Hired, managed, and supervised a team of analysts, technology exerts and legal representatives to meet
project goals

6. Country of Mongolia Ministries of Finance & Health 2006 – 2008
International IT Project Management Expert - Healthcare, National Web Portal (contract)
• Designed and implemented Nationwide Project Management Office for all IT initiatives encompassing 37
governmental offices in Mongolia
• Program Managed large scale, multi-customer, multi-vendor and multi-partner healthcare infrastructure
project
• Implemented ICD-10 reporting program
• Served as an advisor to Senior National Stakeholders and vendors
• Designed, developed and deployed National Web Portal (http://www.pmis.gov.mn/gov_eng.htm)
• Developed Disaster Recovery Program
• Reviewed IT infrastructure for Countrywide Healthcare initiative and recommended appropriate portfolio
of software and supporting hardware
• Managed National implementation of hardware and software changes
• Designed and managed full lifecycle of development of custom software incorporating ICD10
Blue Cross Blue Shield of Massachusetts 2005 – 2006
Senior Project Manager - Medicare Part D, CMS Crossover Claims, HIPAA 2006, EOC (contract)
• Maintained a multi-project portfolio (CMS Mandate HIPAA Transactions, Medicare Evidence of Coverage
(EOC), Eligibility and Crossover Claims) with heavy state and federal regulatory orientation
(HIPAA/CMS)
• Utilized current project management methodologies (PMBOK & SDLC derived) and leveraged best
practices to ensure attainment of project deliverables
Federal Employee Plan Operations Center, D.C. 2004 – 2005
Senior Project Manager – HIPAA Security (contract)
• Assumed faltering HIPAA Security project resulting in achieving Federal compliance deadline resulting in
contractual compliance with Blue Cross and Blue Shield Plans and Federal Government entities
• Analyzed and modified Microsoft Project plans and schedules ensuring compliance deadlines were met
• Developed and conducted an internal audit resulting in a focused approach to compliance
• Responsible for security of all data in-flight, including claims transactions and eligibility
• Authored the HIPAA security compliance manual providing single source for all HIPAA information
• Designed and implemented computer-aided HIPAA instruction, testing and tracking system to meet staff
training requirements
State of North Carolina 2003 – 2004
Senior Project Manager – North Carolina Security Initiative (contract)
• Rejuvenated floundering HIPAA initiative project involving policy development and implementation of
International Standard, ISO-17799, Information Technology, Homeland Defense (PDD-63), Gramm-
Leach-Bliley, Health Insurance Portability and Accountability Act of 1996 (HIPAA), and Sarbanes-Oxley
Act (SOX)
• Developed a crosswalk between all regulations
• Instituted State Agency-wide audit providing a cohesive report of each agencies required compliance
Commonwealth of Massachusetts 2001 – 2003
Senior Project Director – Statewide HIPAA Initiative (contract)
• Revised policies, implementation processes, and the internal project portal for all departments
• Responsible for the direction of over 25 sub-projects
• Performed HIPAA regulatory audits and coordinated interagency HIPAA vulnerability review and Gap
Analysis
• Advised 47 agencies on remediation plans, including approach and deployment
• Tracked project progress with Microsoft Project Server and managed contract staffing plan, selection and
interview process

7. EDUCATION & CERTIFICATES:
Boston University
Project Management Certificates
International Project Management Association
Certified Project Director
Board of Directors & compliance resource
Cape Fear Group Homes
PUBLICATIONS & TRAINING:
• Member - Project Management Institute and Institute of Electrical and Electronics Engineers
• Contributing Member - Healthcare Compliance Association (HCCA)
• Contributor - HIMSS & WEDI ICD-10 National Pilot Programs
• Contributor - NIST Cyber Security Framework Feb 2014
• Author - Y2K Compliance Methodology for Nuclear Power Generation Sites © 1998
• Author - HIPAA Survival Kit for Providers © 2002, 2008, 2011, 2014