HITRUST is committed to providing the most relevant, up-to-date information security and privacy offerings to the healthcare industry. To complement this commitment, HITRUST continuously and actively solicits industry input on potential changes and updates and draws upon the expertise of Councils to ensure our programs, services and initiatives serve, and stay aligned to, the information security and privacy needs of the industry.

Active Councils (click to expand)

The HITRUST CSF Advisory Council was established to coordinate with HITRUST to maintain and improve the HITRUST CSF, ensuring it meets the demands of today’s healthcare industry while leading the program into the future as the healthcare industry continues to grow and mature.

HITRUST CSF Advisory Council members actively advise and make recommendations to HITRUST with respect to the structure and content of the HITRUST CSF and CSF Assurance Program based on their various areas of subject matter expertise and experience, as well as the expertise and experience of their respective constituencies and other stakeholders.

In 2017, the Council was expanded with the addition of key standards and trade associations so that HITRUST could receive input and consensus from every healthcare sector where risk management is relevant.

The CSF Advisory Council Members include:

  • America’s Health Insurance Plans (AHIP)
    Marilyn Zigmund Luke, Vice President, Special Projects
  • American Hospital Association (AHA)
    Lawrence Hughes, Assistant General Counsel
  • American Medical Association (AMA)
    Laura Hoffman, Assistant Director, Department of Federal Affairs
  • American Medical Group Association (AMGA)
    Richard Stempniewicz, Chief Technology Officer
  • Electronic Healthcare Network Accreditation Commission (EHNAC)
    Lee Barrett, Executive Director
  • Texas Medical Association (TMA)
    J. Stefan Walker, M.D., HIT Committee Member and practicing physician
  • Independent Member:
    Jason Taule, Chief Security Officer and Chief Privacy Officer, FEI Systems
  • Independent Member:
    Kirk Nahra, Partner, Wiley Rein LLP

The HITRUST Third Party Assurance Council (TPA Council) was formed with the mission to give healthcare business associates a voice and drive efficiencies and effectiveness in third-party information security assurance. HITRUST also named the 17 founding members, representing a diverse cross-section of technology vendors supporting the healthcare and public health sector as well as security, risk, compliance and audit executives. The TPA Council will hold four meetings over the course of the year.

The TPA Council was created to ensure the healthcare industry is effectively collaborating with the vendors supporting the healthcare industry. The TPA Council provides a forum to ensure business associates and vendors are able to provide input, influence, and directly engage with HITRUST and healthcare organizations relating to the HITRUST Third Party Assurance program. Through interaction with the TPA Council, HITRUST will work to ensure that the Third Party Assurance and other programs are considering and accommodating business associate and vendor perspectives and objectives.

Members of the TPA Council include:

  • Chris Drake, CTO and Founder – Armor
  • Debbie Hutchinson, Director, Third Party Assurance and Chief Audit Executive – Availity
  • Jessie Skibbe, Sr. Practice Manager, Security Assurance Services – Amazon Web Services
  • Don Kleoppel, CISO – Cerner
  • Susan Richards, Strategic Program Manager, Information Security – Change Healthcare
  • Rick Gilmore, Director, Corporate Security Information Risk Management – Cognizant
  • Troy Bos, Senior Manager, Internal Audit – Conduent
  • Ryan Rich, Chief Product Officer – Datica
  • Travis Good, M.D., CEO and Co-founder – Datica
  • Brenda Magri, Senior Director, Security Strategy – Fiserv
  • Sam Morales, Program Manager, Engineering Compliance – Google
  • Pete Teoh, Program Manager, Security Compliance – Google
  • Scott Pettigrew, Chief Security Officer – HMS
  • David Houlding, Principal Healthcare Lead– Microsoft
  • Hector Rodriguez, Healthcare Industry Executive Director – Oracle
  • Mike Carpenter, Director – Regulatory Compliance and Cloud Security – Oracle
  • Lee Penn, Chief Financial Officer and Chief Compliance Officer – PDHI
  • Bob Smith, Senior Manager, Security Compliance – Salesforce
  • Adam Gallucci, Cloud Compliance Adviser – SAP
  • Susan Mercurio, Digital Compliance, Americas – SAP

HITRUST Third Party Assurance Council Receives 2017 CSO50 Award for IDG’s CSO

HITRUST is pleased to announce that the HITRUST Third Party Assurance Council has been named an honoree of a 2017 CSO50 Award from IDG’s CSO. This prestigious honor is bestowed upon a select group of organizations that have demonstrated that their security initiatives have created outstanding business value and thought leadership for their companies.

View the official press release.

Now in its second year, the HITRUST Authorized External Assessor Council has grown to 20 appointees, representing a broad range of experience in information security and privacy. The council provides a forum to ensure that HITRUST Authorized External Assessors can directly submit input to HITRUST thereby influencing the HITRUST CSF Assurance program to continually ensure and evolve its integrity, effectiveness, and efficiency. The creation of the Quality Subcommittee further upholds the continued focus on maintaining a standard of excellence.

The HITRUST Authorized External Assessor Council interacts regularly with HITRUST to share challenges and opportunities relating to HITRUST service offerings. It holds periodic meetings over the course of each year.

HITRUST Authorized External Assessor Council members include:

  • Blaise Wabo: Managing Consultant, A-LIGN
  • Steve Simmons: Director of Compliance, A-LIGN
  • Deepak Chaudhry: Director, BDO
  • Josh Ayers: Managing Director, BDO
  • Erika Del Giudice: Partner (Principal), Crowe
  • Jaclyn Dettloff: Senior Manager – IT Assurance, Crowe
  • Allen Foster Bradley: Advisory Senior Manager, Deloitte
  • Doug Ochs: President, Fortrex
  • Brad Barrett: Senior Manager, Grant Thornton
  • Powell Jones: Senior Manager, Grant Thornton
  • Drew Hendrickson: Shareholder, LBMC
  • Nancy Spizzo: Senior Manager of Risk Services, LBMC
  • Brian Hukriede: Manager IT Security, Optum
  • Dennis Quandt: Director, PwC
  • Todd Bialick: Partner, PwC
  • Doug Kanney: Principal, Schellman & Co.
  • Gary Nelson: Principal, Schellman & Co.

You can view the official press release announcing the appointment of the latest members here.

Organizations no longer operate in a fixed environment. Today, more than ever, it is critical to continually innovate and address the new technologies, laws and regulations that impact organizations as they develop and grow.

The Research Advisory Council will identify opportunities to help ensure the HITRUST Approach remains current and relevant to the needs of the HITRUST community. Members will advise and make recommendations to the OR&S based on their area of research or technical expertise.

Learn more about the HITRUST Research Advisory Council here.