Jacki Monson, JD
Vice President, Chief Privacy and Information Security Officer
Sutter Health
Roseville, CA

Jacki Monson has extensive expertise in health care privacy and security law and compliance. For the past four years, she has been serving as the Vice President, Chief Privacy and Information Security Officer at Sutter Health in Sacramento, California where she administers and manages privacy and information security programs for Sutter Health and its affiliates. She provides advice and education to programs and constituents about HIPAA, HITECH and other information security and privacy laws and regulations. She also manages and oversees the privacy monitoring and audit program, cyber security operations and incident response. She was previously the Chief Privacy Officer at Sutter Health for three years prior to her appointment over security and privacy programs. Prior to her position at Sutter, she served as Chief Privacy Officer at the Mayo Clinic where she assessed privacy program gaps and created plans to implement procedures and policies to mitigate or eliminate risk for the Mayo Clinic enterprise. As Privacy Compliance Specialist at Prime Therapeutics, LLC, she provided advice on legal aspects of Privacy and Information Security including HIPAA Security and NIST. She was appointed to the HHS Cyber Security Taskforce (March 2016-July 2017), and testified at the May 2016 NCVHS Privacy Hearing on de­identification of protected health information.

She also is an expert on privacy and security by design, privacy and security impact assessments, managing and operating privacy and security programs for large integrated health systems, privacy and security concerns with patient portal, privacy and security with social media and cyber security. She brings vital real-world experience to the Committee’s work.

Ms. Monson is a widely recognized expert in the health industry and has presented keynote briefings at industry conferences such as HIPAA Summits, American Health Information Management Association (AHIMA), Healthcare Compliance Association (HCCA) and the Health Information Management System Society (HIMSS) on topics involving compliance, privacy, information security and emerging privacy and security challenges.

She received her Juris Doctor from the Mitchell Hamline School of Law, St. Paul, MN. Her certifications include Healthcare Compliance, Privacy, Health Law and Information Security. Her publications include “Privacy by Design: the Next Generation of Privacy” (2016), HIPAA Security Risks with Mobile Devices and many features on cyber security. She was recognized by Becker Hospital in 2018 and 2019 for top 20 Chief Information Security Officers in healthcare. She has served as a member of NCVHS since 2017 and is an active member of the Subcommittee on Privacy, Confidentiality and Security.