
Heather Goodwin: 12235 Conveyor Court Bristow, VA 20136 C: 703-402-8921

The document is a resume for Heather Goodwin. She has over 15 years of experience in HIPAA privacy and security compliance, including experience as a Senior HIPAA Privacy and Security Analyst. She has a Bachelor's degree in Business Administration and two Associate's degrees. Her skills include expertise in HIPAA, risk management frameworks, and security compliance tools like RiskVision, Fortify, and WSUS.

Uploaded by

kanishk parashar

Heather Goodwin

12235 Conveyor Court Bristow, VA 20136


C: 703-402-8921
[email protected]

OBJECTIVE:
As an experienced Senior HIPAA, Privacy, and Security Analyst, I am seeking to secure a position where I can
utilize my experience, educational background, knowledge of the Privacy Act, Health Insurance Portability and
Accountability Act (HIPAA), Agiliance RiskVision GRC, eMASS, Microsoft Office Programs, Microsoft WSUS
application, Fortify, ICD-9 & CPT4 Coding, and MEDITEC software. I am a self-starter who learns quickly and
am very detail-oriented.

CERTIFICATIONS:
Certified HIPAA Security Specialist (CHSS)
Six Sigma Yellow Belt

EDUCATION:
Strayer University
Bachelor of Business Administration (BBA), Concentration in Management, March 2008

State University of New York College of Technology-Alfred State College


Associate in Applied Science (AAS), Business Administration, May 2002
Associate in Applied Science (AAS), Medical Assistant, December 2000

CLEARANCES:
Completion of a NACLC Security Clearance

FEDERAL LAWS, REGULATIONS, POLICIES:


HIPAA, Privacy, VA 6500, DoD 5400.11, DoD 8500, HITECH, NIST SP 800, FISMA, DIACAP, TRICARE

COMPLIANCE AREAS:
HIPAA, Privacy and Security, Agiliance RiskVision GRC, eMASS, Business Continuity, Disaster Recovery, System
Security Plans (SSP), DIACAP, Risk Management Framework (RMF), Privacy Impact Assessments (PIA), Data
Sharing Agreements (DSA), Memorandum of Understanding (MOU), Contingency Plans (CP), Incident Response
Plan (IRP), POA&M

COMPLIANCE/SECURITY TOOLS:
Risk Vision, HP Fortify, WSUS, WebLayers

WORK EXPERIENCE:

Systems Made Simple (SMS) a Leidos Company, Reston, VA


HIPAA/Privacy Security Specialist, July 2013-Present
*Contracted Service with MedPro Staffing with SMS from December 2012-July 2013
• Experienced in working in agile development contracts.
• Coordinate with the identified POCs for the updates to the Release Readiness Review (RRR) checklist
before each release.
• Schedule Release Review Board (RRB) meeting before each release.
• Brief the RRB attendees on the upcoming release and items of interest from the RRR checklist.
• ATO Coordination with multiple contractors and the VA.
• Coordinate with the VA on the review and approval of the Security documentation.
• Contract POC for updating eMASS/Risk Vision with control implementation statements, evidence, and
required documentation.
• Key participant in the Security Control Assessment (SCA) performed as part of ongoing Authority to
Operate (ATO) efforts.
• Constructed and manage the development of various privacy and security artifacts such as security education
awareness and training, management plans, contingency plans, and incident response plans.
• Coordinate and provide support for all Security requirements for achieving ATO.
• Coordinate with the cybersecurity team to establish control and processes to monitor and manage project
compliance with HIPAA and the Privacy Act.
• Direct and track project staff for completion of IA training to meet DoD 8570 and contract compliance.
• Coordinated and tracked project staff completion of HIPAA/Privacy training to meet DoD 5400.11 and
contract compliance.
• Developed a tracking method to verify the training certifications for the IA and HIPAA/Privacy training.
• Coordinated with management on new hire training when needed.
• Collaborate with team developers and engineers on auditing record details regarding HIPAA/Privacy.
• Administered HP Fortify vulnerability scans to identify weaknesses in networks, applications, and other
systems and work with developers to remediate changes.
• Administered WebLayers scans to identify security flaws as well as best practices in coding.
• Apply patches for Windows environments in test, development, and production environments using
Microsoft WSUS.
• Manage tracking and application of all Information Assurance Vulnerability Management (IAVB/IAVA)
from the Cybercom and patched Windows Systems using WSUS.
• Manage the administration of Organizational Conflict of Interest (OCI) and Non-Disclosure Agreements
(NDAs) for current period of performance.
• Manage cybersecurity team members on Security Incident Response to mitigate damage, determine impact,
prepare reports, and implement corrective actions.

ER Williams, Falls Church, VA


Senior Management Analyst, October 2008-October 2012
• Planned, developed, and implemented a new proactive DoD privacy and HIPAA surveillance program.
• Developed HIPAA compliance documents to aid in the surveillance of sites to include TRICARE
Management Activity (TMA), TRICARE Regional Offices, TRICARE Area Offices, and Military Treatment
Facilities (MTFs).
• Managed site visit logistics including establishing dates of visit, location, number of employees, and other
general information to help prepare for team visit.
• Prepared after action reports for the Client and the Program Office visited.

JACER Corporation, Resource Information Technology Program Office, Falls Church, VA


Access to Care Solutions Consultant, October 2007-October 2008
• Managed Configuration Management activities for the Enterprise Wide Scheduling and Registration
(EWSR) project.
• Attended Configuration Management meetings while representing the EWSR project regarding project
updates or system downtimes.
• Prepared project budget.
• Tracked system deployment activities.
• Reviewed project contract deliverables for timeliness, content, and accuracy.
• Provided recommendations to Project Officers regarding contract deliverables.
• Coordinated with project managers and system developers in implementation of deliverables.
• Represented EWSR Project Office at various work group meetings.
• Prepared agendas for EWSR project level meeting.

Heather Goodwin ∙703-402-8921∙ [email protected]


Axiom Resource Management, Inc., TMA Privacy Office, Falls Church, VA
Senior Healthcare Analyst, January 2007 – October 2007
• Reviewed data requests for accuracy and required documentation before processing Data Sharing
Agreements (DSA) for protected health information (PHI) or beneficiary encrypted (BEF).
• Responded to inquiries related to data requests from internal and external requestors.
• Provided weekly ad hoc and monthly reports to senior management.
• Ensured DSA requestors were in compliance with the Privacy Act of 1974, Health Insurance Portability and
Accountability Act (HIPAA), and other DoD Regulations.
• Wrote internal policy, procedures, and information papers relating to DSAs as directed by Team Leader and
Manager.
• Prepared and/or updated DSA related forms, drafts and other written material related to the development and
continued efficiency of the DSA application process as required.

Axiom Resource Management, Inc., TMA Privacy Office, Falls Church, VA


Analyst, March 2004-January 2007
• Provided quality control of EI/DS account authorization forms received in the TMA Privacy Office which
included review, in-processing, tracking, and briefing of the TMA Privacy Officer for approval.
• Updated multiple databases for approved account authorization forms. Reviewed accuracy and requirement
documentation before processing Data Sharing Agreements (DSA) for protected health information (PHI) or
beneficiary encrypted (BEF) when there was a backlog.
• Represented TMA Privacy Officer and Team Leader in meetings.
• Composed information papers under direction of the Client.
• Wrote internal policy and procedures as directed by Team Leader and Client.
• Provided a monthly report to the Client.
• Managed the ADP clearance process for contractors requesting access to the MHS system.

Axiom Resource Management, Falls Church, VA


Technical Assistant, May 2003-March 2004
• Interfaced with military and government personnel to prepare, proofread, edit and maintain various
documents and minutes.
• Performed quality control of status reporting and tracking system for internal use in order to meet
compliance dates (i.e. HIPAA Basics tool).
• Gathered HIPAA Requirements and Design Documentation for Input into the Dynamic Object Oriented
Requirements System (DOORS) database.
• Designed and updated the HIPAA website.

Irving Burton Associates (IBA), Falls Church, VA


Desktop Support Specialist, October 2002-May 2003
• Edited and maintained the Operation Procedure Manual for the IMD community as well as other
documentation, correspondence, and minutes.
• Assisted office personnel with coordinating schedules for high-level meetings, direct incoming calls,
maintain office supplies and provide other administrative support as necessary.

Jones Memorial Hospital, Wellsville, NY


Unit Secretary of Medical/Surgical May 1999-May 2002
• Managed the admission, discharge and transfers of patients.
• Managed the transcription of orders to medication administration records and care pathways.
• Implemented infection control techniques and demonstrated knowledge of universal precautions when
handling patient items and supplies.
• Provided order entry and data retrieval support with the use of MEDITEC software.

Unit Secretary of Emergency Room May 1999-May 2002


• Managed the patient registration and admission processes.
• Performed order entry of physician’s orders utilizing ICD-9 and CPT4 coding.
• Performed medical transcription and record filing in an efficient manner.

Volunteer Work

Girl Scout Troop Leader


Oct 2011-May 2014
• Responsible for the financial budget for troop events, activities, rewards, and recognitions.
• Responsible for all the registration and permission forms for the troop.
• Coordinate in the preparation of activities that the troop will do at bi-weekly meetings as well as other
extracurricular activities.
• Represent troop by attending the monthly Service Unit meeting.

Home Owners Association President for the Bull Run Rebel Walk Association
May 2005-May 2006
• Coordinate with other board members in meetings to compromise on decisions that pertain to the community as
a whole.
• Managed budget review and analysis, by-law review and implementation.
• Coordinated in solving any homeowner issues that may have arisen since last board meeting.

Rebuilding Together In Alexandria (with Christmas in April) House Captain


April 2004
• Coordinate with other volunteer house captains to help in the restoration of homes.
• Responsible for putting together information emails and organizing the two house teams along with
individual tasks for that day.
• Provided guidance to the set-up, repair, build, and clean-up projects for the day.
