In her role as Vice President and Chief Compliance, Privacy and Internal Audit Officer, Kim Upshaw leads both the Office of Corporate Compliance and Privacy and the Internal Audit Department, overseeing all ongoing activities related to the development, implementation, maintenance of, and adherence to Drexel's policies and procedures covering the privacy of and access to sensitive information, including student information and patient information, in compliance with federal and state laws. She also oversees the University's adherence to federal, state, and local regulatory requirements and the University's policies and procedures, including the Code of Conduct, Conflict of Interest Program and the Whistleblower Hotline program.
Kim has over 20 years of experience in health care compliance, privacy, and legal, regulatory and risk management. At TridentUSA Health Services, a national bedside diagnostics company, Kim served as the organization's first compliance and privacy officer and built the program there from the ground up, serving as the main point of contact for all compliance program activities, including health care, HIPAA privacy and security, elder justice, Medicare and state regulatory compliance concerns. Kim was also Trident's first Chief Diversity Officer, where she implemented institutional goals to address issues of equality for all employees and associates.
Prior to Trident, Kim served as a privacy director at Johnson & Johnson, as associate director of marketing compliance at Centocor Inc., as a compliance and privacy manager at PwC (where several academic medical institutions were among her clients), and as a risk management consultant for Princeton Insurance Company. Throughout these roles, Kim acquired significant experience implementing privacy and audit programs on a global scale. She excels in establishing methodologies and assessments, compliance standards, and educational training for the protection of personal information in a variety of industries and business operations.
Through her work with the International Association of Privacy Professionals (IAPP), Kim helped develop a Higher Education Privacy Section, and as a member of its faculty, she trains certification candidates on the key elements of higher education laws. Kim has served as an adjunct professor at Widener University School of Law. She continues to mentor and teach J.D. candidates as a guest lecturer and member of the Health Law Program's Board of Advisors at Drexel's Kline School of Law.
Kim obtained an undergraduate degree in business administration from Georgetown University, a law degree from Villanova University School of Law, and a master of laws from Widener University School of Law. She has earned an Associate in Risk Management from the Insurance Institute of America, Certified Information Privacy Professional and Manager designation from the IAPP, and a Certified Compliance and Ethics Professional designation from the Compliance Certification Board.