Our Team

Carl N. Abramson, President, MalvernGroup Incorporated

Carl brings over 35 years of diversified IT and business experience to MalvernGroup. He has significant experience in HIPAA Security and Privacy, HITECH and NERC CIP Cyber Security Regulations, Business Process Reengineering, Strategic Planning, Project Planning & Management, Business Continuity, Information Security, Risk Analysis and IT Operations.

Since co-founding MalvernGroup, Carl has:

  • Delivered HIPAA engagements in many healthcare organizations including community hospitals, academic teaching hospitals, medical practices, a long term acute care hospital system, a NYSE-listed managed care organization, a state health and human services division, a university health service and a large billing and collections service;• Written detailed privacy policies and procedures;• Documented privacy, security and healthcare process models;

    • Developed corporate-level HIPAA compliance strategies and plans, business process recommendations, enterprise level process models;

    • Developed information system requirements, implementation strategies, vendor strategies and cost estimates;

    • Co-authored trade publications, journal article and textbook chapter on process-based approaches for HIPAA compliance and healthcare process improvement.

    • Presented HIPAA topics to clients and at regional seminars;

    • Developed best practice and regulatory process models and software to support consulting engagements and quality improvement for healthcare;

    • Developed MalvernGroup’s HIPAA Breach Response Toolkit – a comprehensive guide for development of policies and business processes for compliance with the HITECH Breach Notification Interim Final Rule; and

    • Co-founded the HIPAA-411 Linkedin Group

Prior to MalvernGroup Carl held IT leadership positions at Siemens Healthcare, The University of Pennsylvania and Exxon Information Systems.

Carl has a BS in Electrical Engineering from The City College of New York and Graduate studies in Electrical Engineering at the University of Maryland.


Susan A. Miller, J.D.

Ms. Miller is an independent consultant and attorney.  She has 35 years of professional leadership experience spanning teaching, biochemistry research and law.

Since founding her own law firm in 2002, Ms. Miller has provided legal and consulting services to:

  • Health care vendors;• National accreditation agencies;• Federal government agencies;

    • The Massachusetts Medical Society; and,

    • The Massachusetts Hospital Association and numerous other entities.  Her clients have also included CMS Medicare+Choice, CMS Region 1, CMS Region 4, CMS Region 6, BCBSA, NJ-Medicaid, Folio Associates, and NIST.

Ms. Miller received her undergraduate and Masters degree from Tufts University, Medford, Massachusetts, and her law degree cum laude from Suffolk University Law School in Boston, Massachusetts.

She is a recent past Co-chair of WEDI SNIP, a member of the Steering Committee, is a founding Co-chair of the Security and Privacy Work Group and chairs many of the privacy and security sub-workgroups.   Ms. Miller has worked on numerous legislative initiatives and is responsible for analysis of state and federal health care reform proposals and payment reform.

Ms. Miller had been named the third winner of Melczer award by WEDI in November 2007 for “providing exemplary service by giving her time to WEDI and the industry.” The award recognizes a person “whose business philosophy is to make the world a better place by sharing one’s time and talents.”

Ms. Miller co-founded  HIPAA-411 Linkedin Group

Kathleen A. Lucey, FBCI

She is a thought leader in the business continuity/disaster recovery industry.  She has published 12 articles on a variety of subjects related to BC in US and UK industry journals.  She is a sought-after speaker at industry conferences: in the last 10 years, she has given 29 individual conference sessions and has chaired 5 industry panels on subjects ranging from HIPAA, Title IX (PS-PREP) to Supply Chain Resilience and other regulatory issues.

Kathleen is a Fellow of the Business Continuity Institute and specializes in all aspects of Risk and Resilience, including:

  • Risk Assessment and mitigation,
  • Information security, and continuity planning for the protection and resilient operation of critical business functions Strategy Development and Implementation
  • Testing Methodologies, and ongoing BC Program design and support.
  • Engineering for building infrastructure and support systems
  • Design of appropriate risk management organizational structures.

She has received extensive recognition from her industry peers:

  • 1998:  received the inaugural Business Continuity Practitioner of the Year Award, given by IBM to the individual who has made the most significant contribution to innovation in the field that year.
  • 2000:  elected a Fellow of the Business Continuity Institute (FBCI).
  • 2005:  inducted into the Contingency Planning and Management Hall of Fame.

Kathleen is the sole practitioner to date to hold all three of these industry distinctions.

  • 2007:  elected Chair of the Contingency Planning & Management Advisory Board.
  • 2008:  founding President of the USA Chapter of the Business Continuity Institute.
  • 2009:  elected Director of the Board of the Business Continuity Institute.

She founded Montague Risk Management in 1996 and began an association with New York University’s Center for Management in December 2004, and became Adjunct Professor in the School of Continuing Studies in 2005.

She has a BA in English Literature from the University of California at Berkeley and attended their Ph.D. Program