Alan J. Roth CISA, is an expert in digital forensics. He is a retired United States Postal Inspector with experience in investigations, audit (financial, contract and developmental/information technology), digital forensics, and IT security. As a Program Manager for the Postal Inspection Services Digital Evidence Unit, Alan led a team of Forensic Analysts specializing in computer, video and audio analysis for nine years, supporting criminal investigations around the U.S. In this capacity Alan testified in Federal court as a Computer Forensic expert on several occasions.
He also served as liaison to the National Institute of Science and Technology’s (NIST) Digital Evidence working group, and participated in the development of National Institute of Justice (NIJ) guides and special reports on digital evidence topics, co-sponsored by NIST. His most recent assignment prior to retiring from the Postal Inspection Service was as the Law Enforcement liaison to the Postal Services CIRT team and Information Systems Security group. In a previous assignment he served as the security officer for the Postal Inspection Services Information Technology Division.
Alan is an experienced trainer/presenter, having provided digital evidence training to Postal Inspector Basic Training classes for many years. He was also co-developer of the Postal Inspection Services Digital Evidence course for Postal Inspectors, and coordinated or assisted in coordinating training conferences for Forensic Computer Analysts during his tenure as a Program Manager for the Digital Evidence Unit. His work experience includes serving as postal inspection service representative to National Institute of Science and Technology Joint Steering Committee for Computer Forensics. He is a Certified Information Systems Auditor(CISA), current Director of ISACA, the Information Systems Audit and Control Association of RTP chapter and past 2nd Vice President of the Carolina chapter of HTCIA, which is the High Technology Crime Investigation Association.
As more physicians, hospitals, and other healthcare professionals adopt Electronic Health Records ( EHR), share digital medical records, implement cloud computing, and engage in social media, the risks, size and frequency of data breaches containing Protected Health Information(PHI) are increasing.
Under HIPAA Omnibus final rule a breach is presumed following every impermissible use or disclosure of Protected Health Information (PHI). Covered entities and business associates must demonstrate, through a properly conducted and documented risk assessment, that there is a low probability of compromise of the affected data/PHI.
As more physicians, hospitals, and other healthcare professionals adopt Electronic Health Records (EHR), share digital medical records, implement cloud computing, and engage in social media, the risks, size and frequency of data breaches containing Protected Health Information (PHI) are increasing.