Andrew Mahler, JD, CIPP/US, CHPC, CHRC, has been named interim Chief Privacy Officer in the Office of Compliance and Enterprise Risk Management. Mahler will assume this function immediately.
In this role, Mahler is responsible for leading the privacy strategy, operations and compliance activities to meet our legal, regulatory and contractual obligations to protect sensitive information as required by regulations, including both HIPAA and FERPA. Mahler will be the senior privacy official as defined in the HIPAA Privacy Rule, and his appointment will fulfill our regulatory obligation to appoint a single individual with responsibilities for the implementation and development of the entity’s privacy policies and procedures, to receive complaints about privacy, and to represent the entity in providing notice of privacy practices.
Mahler is the Manager of Privacy Services for CynergisTek, Inc. Before joining CynergisTek, Mahler managed the HIPAA Privacy and Research Integrity Programs for the University of Arizona (UA) and developed privacy and health law courses for the Colleges of Law and Business Management. Prior to his roles at UA, he was an investigator with the U.S. Department of Health & Human Services, Office for Civil Rights (OCR), and managed complex cases related to HIPAA privacy, security and Breach Notification Rule enforcement.
Mahler is licensed to practice law in Arizona and Georgia (inactive) and holds CIPP/US, CHPC and CHRC certifications. He is a member of the American Health Lawyers Association (AHLA), the International Association of Privacy Professionals (IAPP) and the Health Care Compliance Association (HCCA).
Visit or email the Office of Audit, Compliance, Ethics and Risk Management for more information or questions about privacy and compliance.