HITRUST® announced the formation of the HITRUST Third-Party Risk Management (TPRM) Council to foster collaboration between companies, third-party vendors and advisory service firms.
The TPRM Council's mission is to make identifying, assessing and mitigating risk in the complex supply chain ecosystem more efficient and effective.
Founding members of the TPRM Council are global security, risk, compliance and audit executives representing a diverse cross-section of organisations.
TPRM Council members are committed to identifying and supporting approaches to improve the current TPRM process—with a focus on increasing effectiveness and reducing inefficiencies.
Authority comment
“One of our goals for the Council is to ensure organisations are considering the impact on the supply chain as they mandate assurance requirements on their third parties,” said Dr. Bryan Cline, Chief Research Officer at HITRUST.
“We are providing a collaborative forum for customers, their vendors and their advisors to discuss these challenges, identify actionable solutions and provide inputs directly to HITRUST on the approach toward doing just that—in the most effective, efficient manner.”
Protecting health and identifiable information
The need to ensure appropriate privacy and security over sensitive and confidential information, such as protected health information (PHI) or personally identifiable information (PII), with third-party vendors has never been more important.
However, many current approaches to managing third-party risk have unintended, widespread impacts on companies and their vendors. Challenges exist around inconsistent and uncoordinated requirements that lead to redundant assessments.
The results are inefficient uses of time, higher costs, increased burdens and ineffective mitigation strategies.
Bringing together customers, vendors and partners
“The HITRUST TPRM Council will serve to bring together customers, vendors and partners across the ecosystem, helping to establish standards for both effectiveness and efficiency,” said Ashish Gupta, Vice President, Cyber & Data Product Management at Mastercard.
“These objectives are in line with what we do every day at Mastercard, enabling better, more rewarding and more secure experiences for businesses and individuals alike.”
The founding members
The founding members of the TPRM Council include:
- Amazon Web Services (AWS) – Hadis Ali, Security Assurance Manager
- AT&T – Vecky Juko, Associate Director, Supplier Governance, Global Benefits
- Broadridge Financial – Sandra Rohrer, Sr. Director, Product Management, Marketing and Regulatory Communications
- Change Healthcare – Susan Richards, Director, Information Security
- Coalfire – Zachary Shales, Director, Healthcare Assurance
- Conduent – Troy Bos, Director, Client Assurance
- CVS Health – Steve Meallo, Information Security Programme Management
- Frist Cressey Ventures – Chris Booker, Partner
- Frazier & Deeter – Andrew Hicks, VP, Risk Assurance
- Google – Sam Morales, Programme Manager, Cloud Compliance
- Health Care Service Corporation (HCSC) – Chris Lodico, Sr. Director, Information Security
- Humana – Matt Phillips, Enterprise Information Security
- Mastercard – Ashish Gupta, VP, Cyber & Data Product Management
- Microsoft Azure – David Houlding, Director of Healthcare Experiences
- Rite Aid – Robert Lautsch, CISO
- Teleperformance – Jeffery Schilling, Global CISO
- UnitedHealth Group – Brian Troen, Sr. Director, Risk Governance & Supplier Management
- University of Pittsburgh Medical Centre – John Houston, VP, Information Security & Privacy
- Vonage – Ordia Bryan, Sr. Manager, Global Security Compliance