HITRUST is committed to providing the most relevant, up-to-date information security and privacy offerings to the healthcare industry. To complement this commitment, HITRUST continuously and actively solicits industry input on potential changes and updates and draws upon the expertise of Councils to ensure our programs, services and initiatives serve, and stay aligned to, the information security and privacy needs of the industry.

Active Councils (click to expand)

The HITRUST CSF Advisory Council was established to coordinate with HITRUST to maintain and improve the HITRUST CSF, ensuring it meets the demands of today’s healthcare industry while leading the program into the future as the healthcare industry continues to grow and mature.

HITRUST CSF Advisory Council members actively advise and make recommendations to HITRUST with respect to the structure and content of the HITRUST CSF and CSF Assurance Program based on their various areas of subject matter expertise and experience, as well as the expertise and experience of their respective constituencies and other stakeholders.

In 2017, the Council was expanded with the addition of key standards and trade associations so that HITRUST could receive input and consensus from every healthcare sector where risk management is relevant.

The CSF Advisory Council Members include:

  • America’s Health Insurance Plans (AHIP)
    Marilyn Zigmund Luke, Vice President, Special Projects
  • American Hospital Association (AHA)
    Lawrence Hughes, Assistant General Counsel
  • American Medical Association (AMA)
    Laura Hoffman, Assistant Director, Department of Federal Affairs
  • American Medical Group Association (AMGA)
    Richard Stempniewicz, Chief Technology Officer
  • Electronic Healthcare Network Accreditation Commission (EHNAC)
    Lee Barrett, Executive Director
  • Texas Medical Association (TMA)
    J. Stefan Walker, M.D., HIT Committee Member and practicing physician
  • Independent Member:
    Jason Taule, Chief Security Officer and Chief Privacy Officer, FEI Systems
  • Independent Member:
    Kirk Nahra, Partner, Wiley Rein LLP

The HITRUST Business Associate Council (BA Council) was formed with the mission to give healthcare business associates a voice and drive efficiencies and effectiveness in third-party information security assurance. HITRUST also named the 17 founding members, representing a diverse cross-section of technology vendors supporting the healthcare and public health sector as well as security, risk, compliance and audit executives. The BA Council will hold four meetings over the course of the year.

The BA Council was created to ensure the healthcare industry is effectively collaborating with the vendors supporting the healthcare industry. The BA Council provides a forum to ensure business associates and vendors are able to provide input, influence, and directly engage with HITRUST and healthcare organizations relating to the HITRUST Third Party Assurance program. Through interaction with the BA Council, HITRUST will work to ensure that the Third Party Assurance and other programs are considering and accommodating business associate and vendor perspectives and objectives.

Members of the BA Council include:

  • Chris Drake, CTO and Founder – Armor
  • Wayne Reynolds, Head of Security (CISO) – Armor
  • Debbie Hutchinson, Director, Third Party Assurance and Chief Audit Executive – Availity
  • Jessie Skibbe, Sr. Practice Manager, Security Assurance Services – AWS
  • Don Kleoppel, CISO – Cerner
  • Susan Richards, Strategic Program Manager, Information Security – Change Healthcare
  • Rick Gilmore, Director, Corporate Security Information Risk Management – Cognizant
  • Troy Bos, Senior Manager, Internal Audit – Conduent
  • Ryan Rich, Chief Product Officer – Datica
  • Travis Good, M.D., CEO and Co-founder – Datica
  • Brenda Magri, Senior Director, Security Strategy – Fiserv
  • Sam Morales, Program Manager, Engineering Compliance – Google
  • Pete Teoh, Program Manager, Security Compliance – Google
  • Scott Pettigrew, Chief Security Officer – HMS
  • Jake Gibson, CSO and CCO – LightEdge Solutions
  • Nikola Todev, Head of Information Security, OnRamp – LightEdge Solutions
  • Hector Rodriguez, Chief Information Security Officer, Worldwide Health – Microsoft
  • Mike Carpenter, Director – Regulatory Compliance and Cloud Security Oracle
  • Lee Penn, Chief Financial Officer and Chief Compliance Officer – PDHI
  • Bob Smith, Senior Manager, Security Compliance – Salesforce
  • Adam Gallucci, Cloud Compliance Adviser – SAP
  • Susan Mercurio, Digital Compliance, Americas – SAP

HITRUST Business Associate Council Receives 2017 CSO50 Award for IDG’s CSO

HITRUST is pleased to announce that the HITRUST Business Associate Council has been named an honoree of a 2017 CSO50 Award from IDG’s CSO. This prestigious honor is bestowed upon a select group of organizations that have demonstrated that their security initiatives have created outstanding business value and thought leadership for their companies.

View the official press release.

Now in its second year, the HITRUST CSF Assessor Council has grown to 20 appointees, representing a broad range of experience in information security and privacy. The council provides a forum to ensure that HITRUST CSF Assessors can directly submit input to HITRUST thereby influencing the HITRUST CSF Assurance program to continually ensure and evolve its integrity, effectiveness, and efficiency. The creation of the Quality Subcommittee further upholds the continued focus on maintaining a standard of excellence.

The HITRUST CSF Assessor Council interacts regularly with HITRUST to share challenges and opportunities relating to HITRUST service offerings. It holds periodic meetings over the course of each year.

HITRUST CSF Assessor Council members include:

  • Blaise Wabo: Managing Consultant, A-LIGN
  • Steve Simmons: Director of Compliance, A-LIGN
  • Deepak Chaudhry: Director, BDO
  • Josh Ayers: Managing Director, BDO
  • Abe Dress: Director, Coalfire
  • Andrew Hicks: Managing Principal, Coalfire
  • Erika Del Giudice: Partner (Principal), Crowe
  • Jaclyn Dettloff: Senior Manager – IT Assurance, Crowe
  • Allen Foster Bradley: Advisory Senior Manager, Deloitte
  • Doug Ochs: President, Fortrex
  • Brad Barrett: Senior Manager, Grant Thornton
  • Powell Jones: Senior Manager, Grant Thornton
  • Drew Hendrickson: Shareholder, LBMC
  • Nancy Spizzo: Senior Manager of Risk Services, LBMC
  • Brian Hukriede: Manager IT Security, Optum
  • Dennis Quandt: Director, PwC
  • Todd Bialick: Partner, PwC
  • Gary Nelson: Principal, Schellman & Co.

You can view the official press release announcing the appointment of the latest members here.