Meditology provides consulting services to assist healthcare organizations address pressing IT and Risk Management challenges.

Our People: ITRM Leadership

Brian Selfridge, Partner

Brian Selfridge, CISSP, HITRUST, leads Meditology’s IT Risk Management practice and has advised hundreds of  healthcare organizations across the country.  Prior to Meditology, Brian was the CISO of AtlantiCare, a large integrated healthcare provider located in New Jersey. Brian is based in Philadelphia and has over 15 years of experience in healthcare security and privacy, with a deep understanding of the requirements and constraints for executing an operational information security program. He is a frequent presenter and expert speaker on an array of healthcare security topics, including: ethical hacking, medical device security, vendor security risk management and strategic considerations for information security risk management and compliance. As an industry-thought leader he advises several federal agencies including: OCR, HHS, and ONC.  Brian’s combination of both consulting experience with hands-on operational security leadership sets him apart as one of the healthcare industry’s leading experts on data risk management and compliance strategies. 

Nadia Fahim-Koster, Managing Director

Nadia is an experienced information Privacy and Security leader, bringing over 14 years of directly relevant, operational experience in healthcare privacy and security to her clients.  Prior to joining Meditology, Nadia served for almost six years as the CISO at Piedmont Healthcare, one of Atlanta’s premier health systems and as Chief Privacy Officer in her last year with Piedmont. Prior to that, she led the Information Security and Privacy department at Gwinnett Health System, a large regional provider. She has deep experience in the development, implementation, and operation of a corporate information privacy and security compliance programs, including identifying and addressing all applicable regulatory requirements, including HIPAA, HITECH, and PCI, and identifying and integrating privacy and security best practices.

Tyrone Jeffress, Director

Tyrone is an experienced consultant who advises his covered entity and business associate clients on cybersecurity, privacy and compliance matters. His expertise includes HIPAA security risk assessments, HITRUST certification, SOC 2 certification, security governance and strategic planning, vendor risk management and cloud security best practices.  

Tyrone has in-depth knowledge of security industry standards such as NIST, ISO 27001, ISO 27002, HITRUST CSF and the Payment Card Industry Data Security Standard (PCI DSS). He is a technical leader in Meditology’s IT Risk Management practice and has led penetration assessments, network vulnerability scans, medical device assessments and firewall configuration reviews. His clients include multi-facility health systems, health insurance payers, and business associate organizations of all sizes and complexities.  

Bethany Page, Manager

Bethany advises a variety of healthcare clients on healthcare compliance matters.  Her experience includes Meaningful Use compliance, HIPAA privacy and security assessments, remediation planning and project management, Office for Civil Rights investigations, HITRUST Common Security Framework remediation and other pertinent federal and state healthcare technology requirements.  She is a lead team member in Meditology’s Security Practice and represents the firm on national standards committees, such as ANSI.  Her clients range from small physician practices to large health systems.

Ryan Freeman-Jones, Senior Manager, West Coast Office Lead

Ryan is an experienced HIPAA Security and Privacy Officer, with over 5 years of experience in IT Risk Management. He serves as a primary Subject Matter Expert in Information Technology and Cyber Security. He also has extensive knowledge in compliance requirements such as HIPAA, HITECH, PCI-DSS, NIST, ISO and other regulatory, and risk standards. Ryan was one of the chief architects of the M.S. in Cyber Security program at Valparaiso University.  His combination of both security experience with hands-on operational leadership sets him apart and will make him an especially valuable member of the IT Risk Management community.

Bob Quandt, Nashville Office Lead

Bob Quandt is an experienced healthcare security leader with over 16 years’ experience in both the provider and business associate space. Prior to joining Meditology, Bob was the Vice President of Information Security and ISO at Sharecare (formerly Healthways) where he led the information security function for more than 5 years. He also led an IT audit function and worked in security, application development and internal audit at a Fortune 100 healthcare provider.

Bob is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and a member of the Middle Tennessee ISACA and ISSA organizations. Bob received his degree from Middle Tennessee State University and was honorably discharged from the United States Marine Corps. 

Kevin Sacco, Denver Office Lead

Kevin Sacco is a diverse consultant with over 15 years working in the Information Security, Compliance and Privacy fields. He is an information security subject matter expert working on a variety of engagements. Prior to Meditology, Kevin worked in PricewaterhouseCoopers’ security consulting practice where he led and worked on numerous information security engagements. He has experience conducting large complex assessments, advising and project managing remediation efforts, conducting vulnerability scanning and penetration testing, designing program governance and strategy and supporting product engineering teams in the development of technologies to be compliant with required security standards.

At Meditology, Kevin focuses exclusively on penetration testing projects. Kevin has held the following certifications during his career: CIPP/US, PCI ISA, CISA, CISSP, CPISM, GSEC, CCNA, MCSA: Security, Network+, Security+ and A+.