John F. Howard

John appreciates that business requires a balanced approach to addressing emerging legal and compliance issues while keeping the goals of the business in mind. John’s risk management style utilizes this understanding to guide clients in developing effective incident response plans, risk management structures, polices, and procedures.

John has extensive experience in information technology, regulatory compliance, and program building having served as the Director of the HIPAA Privacy Program, the HIPAA Security Officer, and the HIPAA Privacy Officer at a large R1 public university. Frequently called upon to help guide executive leadership through complex issues.

In addition to being able to speak the language of executive leadership, John is also a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM) with experience in compliance with multiple information privacy and security regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and the EU’s General Data Protection Regulation (GDPR).

John also spent over a decade working in information technology at an academic medical center and medical school in multiple roles including as a systems analyst and a risk assessment manager. He currently teaches Data Privacy and Cybersecurity in Healthcare at the James E Rogers College of Law and regularly serves as a guest lecturer at Northern Arizona University.