HITRUST is committed to providing the most relevant, up-to-date information security and privacy offerings to the healthcare industry. To complement this commitment, HITRUST continuously and actively solicits industry input on potential changes and updates and draws upon the expertise of Councils to ensure our programs, services and initiatives serve, and stay aligned to, the information security and privacy needs of the industry.

Active Councils (click to expand)

The HITRUST CSF Advisory Council was established to coordinate with HITRUST to maintain and improve the HITRUST CSF, ensuring it meets the demands of today’s healthcare industry while leading the program into the future as the healthcare industry continues to grow and mature.

HITRUST CSF Advisory Council members actively advise and make recommendations to HITRUST with respect to the structure and content of the HITRUST CSF and CSF Assurance Program based on their various areas of subject matter expertise and experience, as well as the expertise and experience of their respective constituencies and other stakeholders.

In 2017, the Council was expanded with the addition of key standards and trade associations so that HITRUST could receive input and consensus from every healthcare sector where risk management is relevant.

The CSF Advisory Council Members include:

  • America’s Health Insurance Plans (AHIP)
    Marilyn Zigmund Luke, Vice President, Special Projects
  • American Hospital Association (AHA)
    Lawrence Hughes, Assistant General Counsel
  • American Medical Association (AMA)
    Laura Hoffman, Assistant Director, Department of Federal Affairs
  • American Medical Group Association (AMGA)
    Richard Stempniewicz, Chief Technology Officer
  • Electronic Healthcare Network Accreditation Commission (EHNAC)
    Lee Barrett, Executive Director
  • Texas Medical Association (TMA)
    J. Stefan Walker, M.D., HIT Committee Member and practicing physician
  • Independent Member:
    Jason Taule, Chief Security Officer and Chief Privacy Officer, FEI Systems
  • Independent Member:
    Kirk Nahra, Partner, Wiley Rein LLP

The HITRUST Business Associate Council (BA Council) was formed with the mission to give healthcare business associates a voice and drive efficiencies and effectiveness in third-party information security assurance. HITRUST also named the 17 founding members, representing a diverse cross-section of technology vendors supporting the healthcare and public health sector as well as security, risk, compliance and audit executives. The BA Council will hold four meetings over the course of the year.

The BA Council was created to ensure the healthcare industry is effectively collaborating with the vendors supporting the healthcare industry. The BA Council provides a forum to ensure business associates and vendors are able to provide input, influence, and directly engage with HITRUST and healthcare organizations relating to the HITRUST Third Party Assurance program. Through interaction with the BA Council, HITRUST will work to ensure that the Third Party Assurance and other programs are considering and accommodating business associate and vendor perspectives and objectives.

The founding members of the BA Council include:

  • Tim Belardi, Director, Technology & Supplier Risk Management – Highmark
  • Troy Bos, Director, Third-Party Assurance – Conduent (Xerox Corporation)
  • Brenda Callaway, Executive Director Information Security Compliance & Disaster Recovery – Health Care Services Corp
  • Chris Drake, CEO and Founder – Armor
  • Andrew Frazier, Healthcare Information Security Officer – Cognizant
  • Travis Good, M.D., CEO and Co-founder – Datica
  • Richard Haft, Head of Risk, Information Security, and Compliance – Arvato Digital Services
  • Patrick Heim, Head of Trust and Security – Dropbox
  • Debbie Hutchinson, Senior Manager, Audit and Third-Party Assurance – Availity
  • Rebekah Johnson, Compliance Leader – West Corporation
  • Taylor Lehmann, Chief Information Officer – HealthEdge
  • Brenda Magri, Director, Risk and Compliance, ISO – Fiserv
  • Jeff Martin, Manager II Technology, Information Security – Anthem
  • Stirling Martin, Chief Security Officer – Epic Systems Corporation
  • Izak Mutlu, Vice President – Information Security – Salesforce
  • Lee Penn, Chief Financial Officer and Chief Compliance Officer – PDHI
  • Scott Pettigrew, Chief Security Officer – HMS
  • Matt Phillips, Director, Enterprise Information Protection – Humana
  • Susan Richards, Strategic Program Manager, Information Security – Change Healthcare
  • Hector Rodriguez, National Director, Health and Life Sciences – Azure (Microsoft)
  • Brian Sheehan, Senior Director, Information Risk Management – United Health Group
  • Peter Tiemeyer, Chief Information Security and Privacy Officer – RR Donnelley

HITRUST Business Associate Council Receives 2017 CSO50 Award for IDG’s CSO

HITRUST is pleased to announce that the HITRUST Business Associate Council has been named an honoree of a 2017 CSO50 Award from IDG’s CSO. This prestigious honor is bestowed upon a select group of organizations that have demonstrated that their security initiatives have created outstanding business value and thought leadership for their companies.

View the official press release.

Now in its second year, the HITRUST CSF Assessor Council has grown to 20 appointees, representing a broad range of experience in information security and privacy. The council provides a forum to ensure that HITRUST CSF Assessors can directly submit input to HITRUST thereby influencing the HITRUST CSF Assurance program to continually ensure and evolve its integrity, effectiveness, and efficiency. The creation of the Quality Subcommittee further upholds the continued focus on maintaining a standard of excellence.

The HITRUST CSF Assessor Council interacts regularly with HITRUST to share challenges and opportunities relating to HITRUST service offerings. It holds periodic meetings over the course of each year.

The following individuals, who have been appointed to the 2018 HITRUST CSF Assessor Council, have also been selected to serve on the 2018 Quality Subcommittee:

  • Steve Simmons, Director of Compliance, A-LIGN
  • Andrew Hicks, Managing Principal, Coalfire
  • Allen Foster Bradley, Advisory Senior Manager, Deloitte
  • Nancy Spizzo, Managing Director, Fortrex
  • Todd Bialick, Partner, PwC

The additional 2018 HITRUST CSF Assessor Council appointees are:

  • Blaise Wabo, Managing Consultant, A-LIGN
  • Josh Ayers, Managing Director, BDO
  • Deepak Chaudhry, Director, BDO
  • Mark Ferrari, VP & CISO, BluePrint Healthcare IT
  • Keith Kenna, Manager, Compliance Programs, BluePrint Healthcare IT
  • Abe Dress, Director, Coalfire
  • Erika Del Giudice, Senior Manager, Crowe Horwath
  • Arshad Ahmed, Partner, Crowe Horwath
  • Doug Ochs, President, Fortrex
  • Powell Jones, Senior Manager, Grant Thornton
  • Brad Barrett, Senior Manager, Grant Thornton
  • Jessica Skibbe, VP & Chief Compliance Officer, Kirkpatrick Price
  • Brian Hukriede, Manager IT Security, Optum
  • Dennis Quandt, Director, PwC
  • Gary Nelson, Principal, Schellman & Co.

You can view the official press release announcing the appointment of the latest members here.