Brad Ulrich

Brad Ulrich - Software Expert Witness

Brad Ulrich has a 15+ year career as a computer scientist, tech entrepreneur, and expert consultant. He is trusted by federal agencies and leading software vendors to provide expert analysis and guidance on complex matters involving the safety and quality of software, regulations such as CEHRT and Meaningful Use, and industry best practices for quality and risk management in Health IT software.

His professional experience includes modern software architectures, safety-based product design, health IT software, FDA-regulated medical devices, distributed software, automation and DevOps, cellular devices, and more. He is adept at risk management, SDLCs and project management, software governance and compliance with SDO standards, CTO and strategic management, IP management and consulting, and litigation support and expert testimony as a computer scientist.

He is currently the Director of Quandary Peak’s Health IT and Audits division, where he oversees a team of software and health informatics experts in analyzing and audits of health IT software systems and companies, including reviews for private companies as well as the Department of Health and Human Services and United States Department of Justice.

DOWNLOAD Brad’s CV
Summary of Qualifications Areas of Expertise Litigation Experience Audits and Compliance Consulting

Summary of Qualifications

  • Trusted and respected health IT software analyst and auditor; selected by the federal government and guiding EHR vendors to lead ground-breaking projects
  • Experience leading independent 3rd party audits in the healthcare IT sector, including serving at the request of Office of National Coordinator for Health IT (ONC) and Office of Inspector General (OIG) as a Software Quality Oversight Organization (SQOO) and Independant Consultative Expert (ICE).
  • Well-versed in best practices for compliance and patient safety, with specialization in quality management systems, SDLC, risk management, high-quality software and software organizations, and software usability.
  • A trusted litigation consultant and software expert witness.
  • Served on dozens of contract dispute, regulatory, trade secret, and patent infringement cases.
  • Has served as an expert in International Trade Commission (ITC) investigations and USPTO patent re-examinations and IPRs, in addition to federal and state court cases.
  • Conveys technical subjects in a clear, logical style easily understood by a broader audience. Has a depth of experience in modern software architectures, software governance, and risk-based design controls in medical software.
  • Known for root cause analysis and corrective and preventive actions (CAPA)
  • Known for his fast and efficient code review and analysis in wide-array of software languages such as Java, Android, iOS, Objective C, C++, C#, Microsoft Windows, .NET, Python, Matlab, and more.
  • Well versed in software design patterns, both classic, and cloud/devops, SDLC, Software standards (ISO 13485, 25010, etc.)
  • Has expertise in usability and UI design, microservices, smartphones, mobile apps, medical devices, electronic health record systems (EHRs), embedded systems, cellular devices, web applications, and ERP systems.
  • Formerly served as Chief Technology Officer for Genesis Health Technologies, LLC, where he managed the growth of the company’s technology department and the commercial launch of Genesis’ flagship products and technology services for diabetes healthcare.
  • Member of the IEEE Computer Society.
  • Received his B.S. in Computer Science and Mathematics with cum laude honors from Vanderbilt University

Areas of Expertise

  • Software Development Standards

    Medical Device Standards (ISO 13485, ISO 14971, ISO 62304), Software governance (disciplined agile, CMMI for Agile); code quality standards (CWE, ISO 25010 / 25012, CISQ); SDLCs (Scrum).

  • Software Risk Management and Technology Mgmt

    Risk classification, HAZOP analysis, agile and FDA-regulated SDLC processes, risk and requirements traceability systems, software governance, compliance and audits.

  • Risk Controls and Scalability in Software

    Robust software, failsafe design, usability controls, automated testing, microservices, distributed computing

  • Litigation Support

    Intellectual property and patent infringement, software design/source code audit and review, non-performance claims, expert witness and depositions

  • Modern Software Processes

    DevOps, continuous integration, risk-based agile development

  • Medical Standards and Vocabularies

    HL7, C-CDA, X12, DICOM, IDC-9/10, HIPAA, Meaningful Use, SNOMED, RxNorm, QRDA

  • Languages and Technologies

    Java, Google Android and APIs (Maps, Cloud Messaging), RESTful APIs, HTML5, CSS, jQuery, django, Python, Chef, Fabric, PostgreSQL, json, SOAP, PHP, Rackspace Cloud, Amazon AWS/EC2, Apache, Ruby, Gunicorn, nginx, ZeroMQ, RabbitMQ, Perl, monitoring (Nagios, daemontools/supervise), Apple iOS and iPhone SDK, Objective C, Sencha, Appcelerator Titanium

  • Microsoft Platforms

    .NET, C#, VB.NET, Windows Phone SDK, IIS, Visual C++, Win32 applications and DLLs, WinCE applications, MFC 6.0, Visual
    Basic 6.0, Windows Phone OS

  • Database and ERP

    MySQL, PostgreSQL, Oracle, Siebel, OFBiz, OpenERP, JDBC, ADO.NET, OLE, Microsoft SQL

  • Project Development and Management

    Eclipse, Visual Studio 6, 8, 2005-2010, Visual Studio .NET, Siebel Tools, Visual Paradigm, UML, Github, JIRA, COCOMO, CASE
    tools, Microsoft Project, wrike, Visual SourceSafe

  • Analytics

    MATLAB. Statistical and numerical analysis, signal processing algorithms and systems, machine learning, financial trading
    indicators and systems.

Litigation Experience

  • Lenovo Group Limited


    Counsel: Sheppard Mullin Richter and Hampton LLP
    Nature of Matter: patent analysis
    Providing analysis regarding patent invalidity of Nokia-owned patents related to
    Android smartphone software

  • Private Parties v CONFIDENTIAL


    Jurisdiction: U.S. District Court
    Counsel: Schlichter Bogard & Denton LLP
    Nature of Suit: False Claims Act
    Providing expert analysis regarding potential false claims related to Meaningful
    Use and CEHRT regulations in the Health IT industry

  • North Brevard County Hospital District v McKesson Technologies, Inc.


    Jurisdiction: U.S. District Court, Middle District of Florida
    Counsel: GrayRobinson, P.A.
    Nature of Suit: contract dispute
    Provided expert report and analysis of the implementation of McKesson’s Horizon
    and Paragon systems at a community hospital, including a review of the EHR software and services and
    their compliance with industry standards.

  • Automation Middleware Solutions vs. Emerson Process Management LLP et. al.


    Jurisdiction: U.S. District Court, Eastern District of Texas
    Counsel: Bragalone Conroy PC
    Nature of Suit: patent infringement
    Performed code review and infringement analysis for middleware components in
    industrial motion control software.

  • CWI, Inc. v SmartDog Services LLC


    Jurisdiction: U.S. District Court, Western District of Kentucky
    Counsel: Broderick and Davenport LLP
    Nature of Suit: contract dispute
    Reviewed and provided expert report covering Oracle eBusiness Suite and WMS
    installation for a large outdoor products retail and distribution company.

  • AliphCom, Inc. et. al. v Fitbit, Inc.


    Jurisdiction: International Trade Commission, U.S. District Court, Northern Dist. of California
    Counsel: Gibson Dunn and Crutcher LLP
    Nature of Suit: Patent Infringement

  • Walmart-Stores, Inc. v Cuker Interactive, LLC


    Jurisdiction: U.S. District Court, Western District of Arkanas
    Counsel: Kutak Rock LLP
    Nature of Suit: Contract Dispute

  • Ericsson, Inc. et al. v. TCL Communication Technology Holdings, Ltd, et al.


    Jurisdiction: U.S. District Court, Eastern District of Texas
    Counsel: Sheppard Mullin Richter and Hampton LLP
    Nature of Suit: Intellectual Property – Patent

  • Justin Hull and Amy Sweigard v. Marriott International, Inc.


    Jurisdiction: U.S. District Court for the Southern District of Maryland
    Counsel: Conn Maciel Carey PLLC
    Nature of Suit: Americans with Disabilities Act (ADA) Compliance

  • Mary Rutan Hospital v. Nextgen Healthcare Information Systems, Inc.


    Jurisdiction: U.S. District Court for the Southern District of Ohio
    Counsel: Reminger Co., L.P.A.
    Nature of Suit: EMR Contract Dispute

  • Computer Programs and Systems, Inc. v. Mad River Community Hospital and American Hospital Management Corporation


    Jurisdiction: Circuit Court, Mobile County Alabama
    Counsel: Janssen Malloy LLP
    Nature of Suit: EMR Contract Dispute

  • Core Wireless Licensing S.a.r.l. v. LG Electronics, Inc. & LG Electronics MobileComm USA, Inc.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Bunsow De Mory Smith & Allison LLP
    Nature of Suit: Intellectual Property – Patent

  • Core Wireless Licensing S.a.r.l. v. Apple Computer, Inc.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Bunsow De Mory Smith & Allison LLP
    Nature of Suit: Intellectual Property – Patent

  • Packet Intelligence, LLC v. Cisco Systems, Inc.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Heim, Payne and Chorush LLP
    Nature of Suit: Intellectual Property – Patent

  • Denise C. Tullock and Sandra M. Fry v. Success Health Corp.


    Jurisdiction: Circuit Court, City of St. Louis, Missouri
    Counsel: Thurman Howald Weber Senkel & Norrik LLC
    Nature of Suit: Medical Malpractice

  • Bridgetree, Inc. v. Red F Marketing LLC et al.


    Jurisdiction: U.S. District Court – Western District of North Carolina Charlotte Division
    Counsel: Harwell Howard Hyne Gabbert & Manner
    Nature of Suit: Intellectual Property – Trade Secret

  • YPPI v. SuperMedia LLC


    Jurisdiction: U.S. Bankruptcy Court – District of Delaware
    Counsel: Kirkland and Ellis
    Nature of Suit: Intellectual Property – Copyright Infringement

  • Guitar Apprentice, Inc. v. Ubisoft, Inc.


    Jurisdiction: U.S. District Court – Western District of Tennessee Western Division
    Counsel: Waddey Patterson
    Nature of Suit: Intellectual Property – Patent

  • Special Learning, Inc. v. Step-By-Step Academy, Inc.


    Jurisdiction: U.S. District Court – Southern District of Ohio Eastern Division
    Counsel: Cooke Demers and Gleason LLP
    Nature of Suit: Contract Dispute

  • Mediware Information Systems, Inc. v. Hematerra Technologies, LLC


    Jurisdiction: U.S. District Court, Middle District of Florida Jacksonville Division
    Counsel: Barack Ferrazzano Kirschbaum & Nagelberg LLP
    Nature of Suit: Intellectual Property – Trade Secret

  • Intellectual Ventures, LLC v. AT&T Mobility, LLC, et al.
    Intellectual Ventures, LLC v. T-Mobile USA, Inc., et al.
    Intellectual Ventures, LLC v. Nextel Operations, Inc., et al.
    Intellectual Ventures, LLC v. United States Cellular Corporation


    Jurisdiction: U.S. District Court for the District of Delaware
    Counsel: Dechert LLP
    Nature of Suit: Intellectual Property – Patent

  • ROY-G-BIV Corporation v. Honeywell International, Inc., et al.
    ROY-G-BIV Corporation v. Siemens Corporation, et al.
    ROY-G-BIV Corporation v. ABB, Ltd., et al.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Boies, Schiller & Flexner LLP
    Nature of Suit: Intellectual Property – Patent

  • Motion Games, LLC v. Nintendo Co., Ltd., Nintendo of America Inc., Retro Studios, Inc., Rent-a-Center, Inc., and
    Gamestop Corp.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Boies Schiller & Flexner LLP
    Nature of Suit: Intellectual Property – Patent

  • Nokia Corporation and Nokia Inc. v. HTC Corporation and HTC America, Inc.


    Jurisdiction: United States International Trade Commission
    Counsel: Desmarais LLP
    Nature of Suit: Intellectual Property – Patent

  • N5 Technologies, LLC v. Capital One, N.A., Capital One Bank (USA), and Capital One Services, LLC


    Jurisdiction: U.S. District Court for the Eastern District of Virginia
    Counsel: Panovia Group, LLP
    Nature of Suit: Intellectual Property – Patent

  • Anthony Dike, M.D. v. Kindred Healthcare Operating, Inc.


    Jurisdiction: Superior Court of the State of Califoria, County of Los Angeles – East District
    Counsel: Giovanniello & Michels, LLP
    Nature of Suit: Loss of Property

  • Wisconsin Technology Venture, LLC v. Fatwallet, Inc.


    Jurisdiction: U.S. District Court for the Western District of Wisconsin
    Counsel: Newman Du Wors LLP
    Nature of Suit: Intellectual Property – Patent

  • Nokia Corp. and Intellisync Corp. v. HTC, HTC America, Inc., and Exedea, Inc.


    Jurisdiction: United States International Trade Commission
    Counsel: Desmarais LLP
    Nature of Suit: Intellectual Property – Patent

  • Yazmin Reyazuddin v. Montgomery County, Maryland


    Jurisdiction: U.S. District Court for the District of Maryland (Southern Division)
    Counsel: Office of the Montgomery County Attorney
    Nature of Suit: Reasonable Accommodations Dispute Re: Section 508 of the Rehabilitation Act

  • MobileMedia Ideas, LLC v. HTC Corporation and HTC America, Inc.


    Jurisdiction: U.S. District Court for the Eastern District of Texas
    Counsel: Desmarais LLP
    Nature of Suit: Intellectual Property – Patent

Audits and Compliance Consulting

  • Electronic Health Record Vendor (CONFIDENTIAL)


    Performing consultation regarding compliance and regulatory matters for Certified Health IT software.

  • Electronic Health Record Vendor (CONFIDENTIAL)


    Performing gap analysis and recommendations for improving compliance with CEHRT regulations for
    Certified Health IT software.

  • REMS – Data, Quality, Process and Systems Review (CONFIDENTIAL)


    Performing independent, internal data, quality, process and systems review for a major FDA-regulated
    REMS (Risk Evaluation and Mitigation Strategies) program and for a popular generic medication with
    serious side effects. Includes 21 CFR Part 11 compliance review, review of software development,
    architecture, requirements, documentation, testing and validation; review of annual report data and
    assisting with responses to FDA inquiries.

  • Major Electronic Health Record Vendor (CONFIDENTIAL)


    Developing guidance to meet CEHRT regulations with a focus on software governance and quality management systems;
    drafting policies and procedures that combine agile processes with regulatory governance requirements. Reviewing
    source code and issue tracking records to identify regulatory issues.

  • Office of National Coordinator for Health IT
    ONC Health IT Safety Evaluation Technical Analysis


    Currently engaged as the leading software engineer on a small team led by NORC at the University of Chicago and
    selected under a federal contract and open solicitation (Solicitation # 17-233-SOL-00329) issued by the ONC. The
    project is expected to include technical reviews of known or expected patient safety issues in ONC-certified EHR
    systems, including software process and source code review, including review of past issues, recommendations for risk
    and quality management systems, design controls, improvements to software development and testing processes, code
    review and manual and automated code quality analysis.

  • eClinicalWorks, LLC and the Office of the Inspector General of HHS
    Software Quality Oversight Organization


    Leading a team of seven serving as the Software Quality and Oversight Organization (SQOO) under the Corporate
    Integrity Agreement between eClinicalWorks LLC and the Office of the Inspector General of the United States
    Department of Health and Human Services dated May 30, 2017. Serving as an independent audit and oversight
    organization covering a technical review of EHR software and development processes as it relates to patient safety.
    The project includes software process and source code review, including review of past issues, recommendations for
    risk and quality management systems, design controls, improvements to software development and testing processes,
    code review and manual and automated code quality analysis.

  • Office of National Coordinator for Health IT


    Led a team of four serving as an Independent Consultative Expert (ICE), and issued a formal ICE report covering a
    technical review and audit of a major EHR software product as it relates to patient safety. The project included
    software process and source code review, review of past issues, and development of recommendations for risk and
    quality management systems, design controls, improvements to software development and testing processes, code review
    and manual and automated code quality analysis.

  • Consumer Financial Protections Bureau (CFPB)


    Leading a team of three from Quandary Peak Research in providing technical review and audit for the CFPB in an
    ongoing investigation of a large mortgage servicing company. The review covers software process and code review,
    including a review of internal software development processes, documentation and communication practices, data
    storage and access practices, and source code review. The project includes assessing the integrity and reliability of
    key data and identifying potential data integrity and validation remedies.