A Their Story conversation with John Houston, VP, Information Security and Privacy; Associate Counsel at UPMC and Michael Parisi, VP of adoption at HITRUST

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?

Maybe a smart question: Is there an opportunity to be smarter?

Listen in to learn more about the RFI and the role you can have in shaping its outcome.

Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.

A Their Story conversation with Lee Barrett, Executive Director at Electronic Healthcare Network Accreditation Commission, and Michael Parisi (VP of adoption at HITRUST)

Patients, and their providers, deserve to have immediate, accurate access to their personal health information so they can get the best healthcare possible. How and where does the concept of interoperability come into play for a number of societal issues and patient care delivery challenges we are trying to solve for? Let's look at TEFCA to find out.

in today's story, we are joined by two organizations—HITRUST and EHNAC—dedicated to making the healthcare ecosystem thrive by reducing friction in risk management and in supply chain interoperability. This spirit couldn't be applied at a better time with the recent release of TEFCA—the Trusted Exchange Framework and Common Agreement.

A Their Story conversation with John Overbaugh (ASG), Michael Tiemeyer (Teladoc Health), and Michael Parisi (VP of adoption at HITRUST)

Taking responsibility for what we build and how we secure it matters. Especially in the ways we talked about during today’s Their Story episode? It matters to the business partners. It matters to the customers. And, as pointed out by Mike Parisi during this conversation, it matters to society.

There are many reasons why organizations large and small choose HITRUST to help them through their security, risk, and compliance journey.

Why do you choose HITRUST?

A Their Story conversation with Rudi Perkins (Welvie) And Blaise Wabo (A-LIGN), customer and partner of HITRUST, respectively

Suppose you're like Rudi, who, six years ago, tried to bring his organization to an effective level of compliance and increase his security posture by managing multiple spreadsheets. In that case, you're probably finding yourself going nuts — just like Rudi did, and many others do, when faced with a similar complex and overwhelming situation.

Thankfully, this is when Rudi's and Blaise's stories — individually and collectively — can make a world of difference for you.

They've figured many things out: they found the right processes, tools, and partners to make this experience better overall. They've created an experience they want, driven by a common framework that maps all of those things together, giving you the means to do the controls assessment, identify and mitigate the gaps, and then apply that work to many standards, frameworks, and regulations in the US and abroad.

In short, what HITRUST and its Assessor community are doing here is to enable the business — individually and collectively as part of a larger supply chain — to operate securely within the boundaries of the regulatory and industry requirements for which they must abide.

“Our customers expect that of us. Our partners expect that of us. We should expect that of each other and of ourselves too.” —Sean Martin