Matthew Jackson

Matt is a founding member of Protiviti and serves as Protiviti’s Healthcare Internal Audit and Digital Solutions leader. He has more than 24 years of experience providing operational, technology and regulatory consulting and internal audit services to a wide range of healthcare organizations. He is a frequent speaker on internal audit, compliance and information technology improvement initiatives. He also has published related pieces for national publications as well as various additional healthcare thought leadership resources.

Major Projects

• Served as the technology lead for numerous Internal and IT Audit reviews executed as part of both full outsourcing and co-sourcing arrangements within the healthcare industry. These reviews were conducted across a variety of organizations from single entities to multi-facility systems. The scope of these audits has included, but was not limited to application pre/post implementation, EHR risk management, digital transformation, medical device life cycle management, Meaningful Use, MACRA, security administration, penetration testing and vulnerability assessments, change management, data backup and recovery, data processing and interface utilization, business continuity, disaster recovery, IT Governance, Sarbanes-Oxley assistance, HIPAA compliance, Payment Card Industry compliance, revenue assurance, executive incentive compensation, payroll practices, charge capture, risk management, additional regulatory compliance, and construction program practices. Matt plays a key role in the risk assessment and planning process for each of these organizations.
• Conducted numerous reviews focused on evaluating the sufficiency of oversight programs and compliance practices in place for promoting, monitoring, and enforcing compliance with the safeguarding of Protected Health Information (including ePHI), as required by the Privacy, Breach Notification, and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) including modifications resulting from the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Final HIPAA Omnibus Rule.
• Led various information security / cybersecurity program assessments for a variety of healthcare organizations in order to evaluate current-state against industry leading practices, industry leading frameworks, regulatory guidance, experience at other organizations, etc.
• Led numerous efforts focused on evaluating and/or executing processes to satisfy the risk analysis requirement in §164.308(a)(1)(ii)(A) in order to perform an evaluation of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of applicable ePHI.
• Served as the Information Technology lead on a number of Sarbanes-Oxley compliance projects within the healthcare industry.
• Facilitated the establishment of various Enterprise Risk Management (ERM) functions at large healthcare organizations. Efforts covered the full spectrum of ERM from initial strategy development and program implementation through ongoing maintenance and monitoring processes. Additional efforts have included various ERM program effectiveness assessments as well.

Areas of Expertise

• Internal Audit
• Technology Consulting
• Security and Privacy
• Regulatory Compliance

Industry Expertise

• Healthcare

Education

• BS – Management Information Systems
• BS – Business Management

Professional Memberships and Certifications

• Project Management Professional (PMP)
• Healthcare Information and Management systems Society (HIMSS)
• Healthcare Financial Management Association (HFMA)
• Health Care Compliance Association (HCCA)
• Association of Healthcare Internal Auditors (AHIA)
• Project Management Institute (PMI)