Day four at HITRUST 2016 was the final day of the conference, but the content covered was no less compelling than the previous days. The morning commenced early with a general session featuring a panel that included Brenda Callaway of Health Care Service Corporation, Darin Clapp from Humana, and Bryan Sheehan of UnitedHealth Group. During the presentation, Managing Third Party Compliance: How the CSF Can Help, the panel discussed relevant points such as:
- The types of assessments available to the industry
- Current challenges for customers
- Guidelines and regulatory requirements
- The benefits of HITRUST assessment and certification to customers and suppliers
- The main reasons why HITRUST makes sense for the industry
Following the first session, Travis Good from Catalyze, Deborah Hutchinson of Availity, Daryl Hykel, HMS, and Lee Penn of PDHI hosted Leveraging your CSF Assessment Reporting with Customers, which covered areas such as driving culture change in an organization, increasing HITRUST acceptance from third-party assessors, and more.
There were two mid-morning breakout sessions. Breakout 1 covered the following topics:
- Healthcare and Cloud Storage: What you can do to secure your deployment – with Vice President of Information Technology and Chief Information Security Officer at Molina Healthcare, Sudhakar Gummadi and;
- Application Vulnerability Reporting and Threat Tracking – with HITRUST’s Senior Advisor, Public Policy David Muntz, who discussed, among other things, the evolution of principles in the industry and asked the important question, “Should a vulnerability management maturity model be developed?”
After David Muntz concluded, Nicholas Albright, Vice President of Security and Intelligence at Anomali started a very agile discussion on brand and supply change monitoring. He introduced zero premises control and touched on the issue of suspicious domain registration, but also alternated in an open Q&A engagement with the audience throughout.
In Breakout 2, Nadia Fahim-Koster of Meditology Services presented Leveraging the CSF to Assess HIPAA Privacy, then, Ken Vander Wal, Chief Compliance Officer at HITRUST discussed Leveraging CSF to Support SOC 2® Reporting.
In a final lunch discussion, the conference culminated with HITRUST management members Dr. Bryan Cline, Michael Frederick, and Ken Vander Wal covering the CSF Roadmap for 2017 and Beyond .
A lot of ground was covered in the four days of the conference and the overwhelming feedback indicated that attendees found the event to be enriching and worthwhile professionally.