IAPP Professional Privacy Faculty
Kim Upshaw, CIPP/US, CIPM
Corporate Health Care Compliance and Privacy Officer
Trident USA Health Services
Kim Upshaw is the corporate health care compliance and privacy officer for TridentUSA Health Services, where she is responsible for establishing and continuing the development, implementation, revision and oversight of the corporate health care compliance and privacy program (compliance program). In this role, Upshaw serves as the focal point for all compliance program activities.
For more than 16 years, Upshaw has served in healthcare legal, regulatory and risk management in the academic, acute care, nursing care, behavioral healthcare, physician and pharmaceutical sectors.
Prior to joining Trident, Upshaw was the privacy director for the pharmaceutical sector of a major global healthcare organization. In that role, she was responsible to oversee the implementation of a privacy program that covered more than 60 countries throughout the world. She developed and trained privacy stewards in each country and guided their navigation and implementation of specific rules and requirements to protect personal data.
Upshaw was also an instrumental member of the privacy compliance group at a major U.S. professional services firm, helping to grow the privacy practice from $2 million in annual revenues to more than $10 million in annual revenues in less than two years. In this role, she was instrumental in the development of methodologies, assessments, compliance programs, assurance mechanisms and training and educational materials for the protection of personal information in business operations. Specifically, she helped identify and define the implications of HIPAA privacy rule on research operations at academic medical centers.
Upshaw has authored several articles and white papers that offer HIPAA privacy rule implementation strategies for academic and research medicine and has presented on the effects of HIPAA on research privacy. Her article, “The HIPAA Privacy Rule: Practical Advice for Academic and Research Institutions” (PMID: 11842502) is currently noted as one of the “most cited papers on Academies and Institutes, legislation & jurisprudence” at http://lib.bioinfo.pl/meid:218674/citpmid. Upshaw has presented on privacy and data protection at the Fourth, Sixth and Ninth National HIPAA Summit, the 63rd annual conference of the American Medical Writers Association and numerous academic medical centers and physician groups.
Upshaw has been an adjunct professor at the Widener University School of Law, where she taught a course on medical information privacy to JD, LLM and master’s degree candidates. She continues to mentor and teach JD candidates by participating in the health law program at Drexel University School of Law in Philadelphia, PA.
Upshaw obtained an undergraduate degree in business administration (BSBA, marketing) from Georgetown University, a law degree (JD) from Villanova University School of Law and a master’s in law (LLM, health law) from Widener University School of Law. She is a member of the Pennsylvania and New Jersey bars and has earned an associate degree in risk management from the Insurance Institute of America and a Certified Information Privacy Professional (CIPP) designation from the International Association of Privacy Professionals.