Health3PT Initiative Announces Significant Progress in 2023 Paving the Way for Solving Third-Party Risk Management in Healthcare for 2024

2024-02-01

Initiative announces new council members, aims for wider adoption of TPRM Best Practices in 2024

FRISCO, Texas, Feb. 1, 2024 /PRNewswire/ -- The Health 3rd Party Trust (Health3PT) Initiative today announced significant strides in 2023 toward solving the Third-Party Risk Management (TPRM) problem in the healthcare sector. The Health3PT initiative has grown to over 1,900 professionals representing 1,100 organizations that are currently engaged with the initiative. Health3PT is now guided by 20 Council member organizations that work to establish standards for TPRM to help organizations reduce vendor risk and streamline their vendor risk process.

The Health3PT Initiative is dedicated to bringing standards, credible assurance models, and automated workflows to increase security around the third-party vendors and suppliers delivering vital services. The Health3PT Council has successfully delivered "The Health3PT Recommended Practices," an instructional framework of actionable steps organizations can take to ensure due diligence and due care throughout the healthcare ecosystem—while improving effectiveness, reducing inefficiencies, and leading the way for standardization in TPRM.

The Health3PT initiative has grown to over 1,900 professionals representing 1,100 organizations.

Post this

The Council's efforts have been bolstered by the adoption of HITRUST as the first assurance methodology, which has played a crucial role in enabling the Recommended Practices. Additionally, the Health3PT Vendor Directory has been launched, serving as a platform for HITRUST Certified vendors, or those in the process of becoming Certified, to showcase their compliance efforts.

"Health3PT member organizations have already notified thousands of vendors about replacing inadequate questionnaires with standardized assessments, streamlining the onboarding process while ensuring the security of services provided by third parties and the associated sensitive information they handle." - Matthew Webb, AVP - Product Security, Chief Product Security Officer, HCA Healthcare

"As evidenced by the substantial number of third-party breaches, the healthcare industry has not done a good job of addressing third-party risk. I do not believe that those efforts have been effective or a good value for the money. The Health3PT Council has arrived upon a solution to this challenge. It starts with organizations adopting the Health3PT Recommended Practices and leveraging the HITRUST assessment portfolio." - John Houston, VP, Information Security and Privacy, UPMC

"I joined Health3PT with a belief that simplicity shouldn't compromise excellence. In the realm of third-party cyber risk management, we strive to simplify processes while raising the bar, ensuring robust security measures for a safer digital future. As we further rely on suppliers and third-party relationships to run and operate our businesses, we have to be able to apply the same cybersecurity standard as if it were our own infrastructure and services." - Tim Witos, Vice President Information Security, McKesson

"PDHI joined H3PT to help other assessed parties implement the "no questionnaire" model that PDHI has followed since 2015. From the PDHI perspective, the effective and efficient delivery of PDHI information security management program information to clients and prospective clients is vital to improving their ease and confidence in doing business with PDHI. The more often relying parties are pushed, as a matter of best practice, to put trust into their third-party risk management programs, the sooner the overall healthcare cybersecurity ecosystem will be significantly strengthened." - Lee Penn, Chief Financial Officer & Chief Compliance Officer, PDHI

Looking to 2024, Health3PT is set to continue its strong trajectory of growth, with a focus on broader adoption of the Recommended Practices. This advancement aims to drive substantial improvements in Vendor Risk Management by moving away from traditional questionnaires to a standard for risk tiering and validated assurances. The initiative will also tackle emerging challenges, such as evolving regulations and the impact of AI on cyber risk. The 2024 Health3PT Council welcomes new members, including:

Devin Shirley, CISO, Arkansas Blue Cross Blue Shield

Chris Lodico, Senior Director, HCSC

Kathy McKenna-Sauerman, Director, Third-Party Cyber Risk, Humana

Tim Witos, Vice President Information Security, McKesson

David Finkelstein, CISO, St. Luke's University Health Network

Lane Sullivan, SVP, Chief Information Security Officer, Magellan Health

Council Members continuing into 2024

Patricia Yarabinetz, Director, AmeriHealth Caritas

Glen Braden, Principal, Attest Healthcare

Cindy Schuna, Lead Analyst, Cencora

Rick Kratz, Director, Cyber Risk Management, Cencora

Shenny Sheth, Interim System Director for IT Cyber Assessment & Testing, Common Spirit Health

Natalie Henderson, Executive Director, Third Party Risk Governance, CVS

Eric Sinclair, SVP, Chief Information Officer, Evolent Health

Brad Carvellas, Vice President, Chief Information Security Officer, Guthrie

Matthew Webb, AVP – Product Security, Chief Product Security Officer, HCA Healthcare

Brenda Callaway, Divisional VP, Operations Performance Management, Health Care Service Corporation (HCSC)

John Chow, CISO, Healthix

Karin Balsley, Sr. Director, Information Security, HealthStream

Joe Dylewski, Cyber Data Protection Manager, Humana

Dr. Omar Sangurima, Principal Technical Program Manager, Governance, Risk, & Program Management, Memorial Sloan Kettering Cancer Center

Monique Hart, Executive Director of Information Security, Executive Director of Information Security, Piedmont Healthcare

Joel Seymour, Deputy CISO, Premera Blue Cross

John Houston, VP, Information Security and Privacy, UPMC

Ryan George, Sr. Director – IT, IAS, UPMC

Alex Zhivov, Vice President, Information Security, Virtual Health

Bhavesh Merai, Senior Manager, Technology, Risk & Compliance, Walgreens

Additionally, the Council has established a Vendor Committee, comprising both small and large vendors, to ensure a broader perspective on TPRM. This committee is a crucial step towards achieving Health3PT's objective of streamlining TPRM and reducing vendor risk through widespread adoption of the Health3PT Recommended Practices.

To learn more about the best practices and successes of the initiative, join the Health3PT 2024 Kick-off Webinar on February 8.

To join the Health3PT initiative and for more details visit Health3PT.org

About the Health3PT Initiative

Representing leaders from health providers, payers, and healthcare services, the Health3PT Council strives to share best practices in managing third-party risk to deliver on their organizations' mission of safeguarding sensitive information. By driving collaboration with industry and government, the Health3PT Initiative is enabling a standardized approach that organizations can adopt to effectively and efficiently manage third-party risk within their organization and to protect the entire third-party ecosystem. Health3PT is supported by HITRUST, the industry-recognized risk and compliance standards and certification body, and CORL, the healthcare third-party risk management services and solutions provider.

Contacts

Leslie Kesselring

Kesselring Communications for Health3PT

[email protected]

503-358-1012

SOURCE Health3PT