HITRUST 2017 | May 8 – 11, 2017

at the Gaylord Texan Resort in Grapevine, Texas


Registration deadline for ITSPmagazine readers ONLY is extended until April 21, 2017*.
There are only a few spots available.

*Ignore the 14 April deadline message when you get to the registration website from our magazine.


HITRUST 2017, Where Cybersecurity and Compliance Professionals Prepare for the Future of Healthcare.

HITRUST CSF Certified Organizations and Those Looking to be Certified Are Invited to Participate.


HITRUST 2017 is the only event dedicated to exploring all aspects of healthcare information protection and utilization of the HITRUST CSF and HITRUST CSF Assurance Program. Taking place May 8 – 11, 2017 at the Gaylord Texan Resort in Grapevine, Texas, the conference will feature a mix of general sessions, breakout sessions, and networking opportunities.

With the goal of enabling attendees to more effectively meet industry and regulatory compliance requirements and improve healthcare information protection, HITRUST 2017 will expose attendees to collaborative discussions of industry trends, market dynamics, and in-depth knowledge of how the HITRUST CSF and related tools can aid their organizations in conducting assessments, and improve their overall protection of health information.


Why Attend?
Here are 3 great reasons.

Learn from industry-renowned subject matter experts from healthcare, professional services and technology organizations who will address topics such as cyber sharing, cloud computing, de-identification, SOC 2 reporting, third-party assurance and vital information for service providers. 

Attendees will be exposed to collaborative discussions of industry trends, market dynamics and in-depth knowledge of how the HITRUST CSF and related tools can aid their organizations in conducting assessments and improving their overall protection of health information. 

The HITRUST annual conference is an outstanding opportunity to network with peers and engage in relevant, helpful discussions on compliance and risk management, providing you with the information you need, and contacts you can leverage, to enhance your professional objectives.

HITRUST CSF Certified Organizations and Those Looking to be Certified Are Invited to Participate.

HITRUST 2017 will present a variety of sessions that address risk management, regulations, standards, frameworks and information sharing and is a must for any professional involved in the health industry and concerned about protecting health data from the prying eyes of cyber criminals and other malicious entities. Expert speakers will discuss industry trends, market dynamics and how the HITRUST CSF and related tools can aid organizations in conducting assessments, as well as how to improve overall protection of health information while effectively meeting compliance requirements.

Want more from your HITRUST CSF Certification?

The HITRUST 2017 Conference offers a collaborative environment designed to help attendees to stay up-to-date on the latest trends, best practices, and more. Attendees will join their peers to learn from the best experts so they can stay ahead of the curve.

By participating in HITRUST 2017, certified organizations can hone their certification and information protection skills, taking advantage of an outstanding opportunity to network with peers and engage in relevant, helpful discussions on security, compliance and risk management.

Some topics to be discussed include:

  • Communicating the status of information protection programs from multiple viewpoints or via benchmarking (i.e., HITRUST CSF maturity scores and NIST Cybersecurity Framework implementation tiers)
  • Reporting across multiple industries (i.e., HIPAA for PII/PHI, PCI DSS for payments, FFIEC for financial services, and FedRAMP for federal and Cloud)
  • Addressing an internal or external stakeholder’s request for reporting against various, multiple regulations, standards, and best practice frameworks.

The value of "assess once, report many" is critical in providing better patient care while meeting a number of industry and regulatory requirements. HITRUST 2017 is the best place to tune the HITRUST CSF to get the most out of the compliance investment.

Want to Jumpstart Your HITRUST CSF Certification?

You've come to the right place. Attend the conference to learn from the top IT Healthcare experts; they'll share their insights into what the future holds for the industry and how to take the first steps to achieve compliance and become CSF certified. Join your peers to gain valuable insights from a number of world-renowned speakers on topics that include proven steps to address:

  • Risk Management and Regulatory Compliance
  • Cyber Threat Information Sharing and Resilience
  • Privacy and Security Framework Adoption and Assessment
  • Cloud Security
  • Third-party Assurance and Vendor Risk Management

Ambiguity and uncertainty can hinder any project. HITRUST 2017 can help bring clarity and expert best practices to the HITRUST CSF, driving confidence into the program as the first steps are taken.


HITRUST 2017: Sessions for Small Medical Practices

For small medical practices without appropriate resources (time, knowledge, staff), the idea of implementing cybersecurity can be overwhelming. At the same time, it's imperative that a doctor's office be in compliance with government regulations while taking appropriate measures to avoid cyber attacks that may disclose patients' protected health information, cause system downtime resulting in added expenses or otherwise compromise the safety of the practice. 

To address this need, HITRUST developed CyberAid, a program that provides small medical practices (75 or fewer staff) with the technology and services required for worry-free cybersecurity protection. Launched in August 2016, the program is a success so far: 40% of the healthcare practices assessed had active malware or spyware on their IT systems – all discovered by CyberAid and immediately remediated. 

HITRUST partnered with Trend Micro for the technology, so the CyberAid program includes hardware, software, installation assistance, 24/7 monitoring, training and support, ensuring that smaller healthcare organizations receive effective cyber protection against viruses, malware, phishing attacks, ransomware, and other threats.

In addition to the protection capabilities found in CyberAid, and in direct response to feedback from some of these smaller healthcare organizations looking for a viable means to meet regulatory demands while protecting their business against cyber threats, HITRUST collaborated with the physician community and small businesses to develop and pilot a new program called CSFBASICs (CSF Basic Assurance and Simple Institution Cybersecurity). The CSFBASICs program provides lower-risk organizations with a simplified set of requirements and a streamlined assessment approach that is easier to understand and implement. The program also offers third parties—including regulators—appropriate assurances and transparency into their information privacy and security programs.

At this year's HITRUST 2017 conference, attendees will have the opportunity to learn more about CyberAid and CSFBASICs – getting a view into how these programs work, how to get started with each, best practices to make them wildly successful, as well as the future roadmap.

These discussions, presentations and more are available in a variety of breakout sessions designed specifically for small medical practices who want to understand how to achieve a technologically secure environment and remain in full compliance with regulations. 


  • 360 Degree Assurance: Emerging Business Drivers for Provider Certification
  • Third Party Risk: Achieving Assurance, Coverage & Agreement
  • Malware: What Do You Do When Prevention Fails?


  • SOC 2 + HITRUST: Understanding the Benefits
  • Third Party Assurance - Business Associates & Vendor Roles
  • Starting Your Startup's HITRUST Certification Initiative
  • HITRUST Cyber Aid Security Program


  • Common HITRUST Certification Pain Points | Lessons Learned & Effectively Addressing Issues Before You Start
  • CSF Roadmap for 2018 and Beyond

Who are the speakers? We're very happy to tell you!

Below are just some of the industry-renowned speakers you will get to hear from: 

Daniel Nutkis

Chief Executive Officer at HITRUST

Dan has more than 20 years of experience in providing strategic advisory services in areas relating to health information technology. His recent focus has been on technologies that enable information protection and strategic business objectives. Prior to founding HITRUST, he held various positions with email encryption and e-prescribing service company Zix Corporation (NASDAQ: ZIXI), including Executive Vice President, Strategy, and President, Care Delivery. He was also with Ernst & Young LLP’s healthcare emerging technology groups as National Director. He has led a number of industry research activities on eHealth vulnerabilities and has been a founding member of work groups and accreditations such as WEDI, CPRI and HCISPP.  Dan has also been recently recognized as a top information security influencer in 2014 by SC Magazine, and in 2015 by Health Information Security Magazine.


+ Robert Booker | Senior Vice President & CISO | United Health Group

Robert Booker is the Chief Information Security Officer for UnitedHealth Group. In this role, Mr. Booker is responsible for information risk management and information security operations for all of UnitedHealth Group business segments. He has been with UnitedHealth Group since July of 2008, and his responsibilities are focused upon information risk management in support of the trust and accountability that UnitedHealth Group delivers to bring quality, affordability, access and simplicity to the health care system.

Presently, Robert serves on the Board of Directors of the Health Information Trust Alliance (HITRUST) and has been instrumental in establishing a common security framework for the health industry, the information sharing and analysis organization (ISAO) for the health industry, and CyberRx – a cyber-exercise program for the industry.

Mr. Booker has presented at numerous security conferences including the MIS Training Institute’s CISO Summit, RSA Conference, Gartner Group’s IT Security and IT Summit Conferences, the Burton Group’s Catalyst conference, the Meta Group’s Energy Information Strategies conference and the Minneapolis Cyber Security Summit. Mr. Booker most recently delivered the closing keynote for the 2016 Twin Cities CISO Executive Summit.

+ Omar Khawaja | Chief Information Security Officer | Highmark

Omar Khawaja has spent 15+ years delivering, developing and managing security solutions for startups, service providers, consulting firms and enterprises. Omar is currently VP and Chief Information Security Officer (CISO) at Highmark Health, an integrated health care delivery and financing system, employing more than 35,000 people and serving 40 million Americans in 50 states. Prior to Highmark, Omar was at Verizon Enterprise Solutions, where he had responsibility for their portfolio of security solutions with customers in 72 countries.

Omar currently serves on the board of the Health Information Trust Alliance (HITRUST), on the Governing Body of Evanta, on the CISO Workgroup of the Blue Cross Blue Shield Association, and as adjunct faculty for the Chief Information Security Officer (CISO) program at Carnegie Mellon University. Omar is a regular speaker at industry forums (speaking engagements include RSA Conference, Information Security Forum, Mobile World Conference, Cloud Security Alliance, Carnegie Mellon University / CERT), and has also been quoted in media outlets such as Financial Times, NY Times and CNBC.

Omar's certifications include CPHIMS (Certified Professional in Healthcare Information and Management Systems), CISSP (Certified Information Systems Security Professional), and CCSK (Certificate of Cloud Security Knowledge). Omar has a BS in Electrical Engineering from Georgia Tech and an MBA from University of Virginia's Darden School of Business.

+ John Riggi | Head of Cybersecurity and Financial Crimes Unit | BDO

John Riggi leads BDO’s Cybersecurity and Financial Crimes Unit, having spent nearly 30 years as a highly decorated veteran of the FBI, and a former representative to the White House Cyber Response Group and Financial Services Steering Committee.

During his time at the FBI, John developed mission critical partnerships in the healthcare industry for the investigation and exchange of information related to national security and criminal cyber matters, as well as national initiatives to warn of specific cyber threats. Between 2014 and 2016, he played a strategic role in the investigation of every major healthcare-related cyber incident in the U.S. John also has extensive experience investigating complex healthcare fraud and related financial crime schemes.

John presently works with the American Hospital Association to lead strategic cybersecurity risk management training for the organization’s more than 5,000 hospital CEO members. In partnership with the Health Information Trust Alliance (HITRUST), John, who was named a member of the governing board, played a key role in the development and implementation of the new HITRUST Threat Catalogue, a first-of-its-kind tool aligned with the HITRUST CSF Controls, designed to improve a healthcare organization’s ability to prioritize security program activities based on a greater understanding of the risks they face.

In addition, John is an official private sector validator for the White House’s Presidential Policy Directive (PPD) on U.S. Cyber Incident Coordination, a policy intended to improve collaboration between the public and private sectors to combat significant cyber threats potentially impacting public health and safety, national security or economic security.

Previously in his career, John served in the FBI’s Washington Office Intelligence Division, the New York Office High Intensity Financial Crimes Area Task Force, and was National Operations Manager for its Terrorist Financing Section. He also served at the CIA’s Counterterrorism Center. John is the recipient of the FBI Director’s Award for leading a highly successful classified terrorism financing interdiction program, and also received the CIA George H.W. Bush Award for Excellence in Counterterrorism, the CIA’s highest award in this category. He is frequently quoted in the media as a leading authority on cybersecurity and counterterrorism topics and has presented extensively on both subjects.

+ Brad Carvellas | CISSP, CISM, ALMI | Director, Information Security and Risk Management | HM Health Solutions

Brad is responsible for the Information Security Governance, Risk and Compliance programs at HM Health Solutions serving Highmark Health and the Allegheny Health Network, one of the largest integrated financing and healthcare delivery systems in the United States serving more than 50 million Americans in all 50 states and the District of Columbia. Brad’s team led HM Health Solutions and United Concordia Dental to HITRUST CSF certification for their Health and Dental claims processing platforms in 2015.

Previously, Brad developed, delivered and managed enterprise IT and information security solutions supporting Fortune 200 life insurance and annuity carriers and their producers. Brad is a graduate of Muhlenberg College and resides in Pittsburgh, PA.

+ Robert Pittman | Vice President, Operations | HITRUST

Michael Frederick has 20+ years’ experience in information security. He is currently the Vice President of Operations at HITRUST. Prior to joining HITRUST he was CEO of The Frederick Group, a professional services firm focused on security risk management in healthcare. He served as Chief Information Security Officer (CISO) for eight years at a large healthcare system. While in this role, he led the organization in becoming the first hospital system to be certified under the HITRUST CSF and was the industry lead in the provider space during the development of the CSF. He has been a speaker at numerous security events and has been published on the topics of risk management, applying security practices within an organization, and how to build an effective security organization. Prior to his CISO role, he was a security architect, security manager in industry and a security consultant in various large accounting firms. He has been a Certified Information System Security Professional (CISSP) since 1999.

+ Dr. Bryan Cline | Ph.D. | Vice President, Standards and Analytics | HITRUST

Bryan Cline, Ph.D. is the Vice President for Standards and Analytics and provides thought leadership and guidance for the healthcare industry’s model implementation of the NIST Cybersecurity Framework. Responsibilities include a broad range of HITRUST risk management framework support such as requirements integration, control specification, and the development of standards, methods, processes and tools that healthcare organizations can use to facilitate the integration and assessment of the CSF in their information protection and cybersecurity programs. As a former senior advisor and VP of CSF Development and Implementation, he worked closely with the THSA to develop SECURETexas—the first state program of its kind certifying compliance with federal and state requirements for the privacy and security of health information—and is considered the ‘father’ of the HealthCare Information Security and Privacy Practitioner credential for spearheading its development with (ISC)2. Dr. Cline has also served as the Chief Information Security Officer for Catholic Health East and The Children’s Hospital of Philadelphia in addition to his 20+ years in the Department of Defense as an information systems and information security professional, including the CISO role at the Headquarters, Allied Air Forces Southern Europe. He’s spoken at multiple conferences and symposia on information security and privacy risk management in the healthcare industry and published articles and papers on risk management and security engineering in several journals and proceedings. Dr. Cline’s professional certifications include the CISSP-ISSEP, CISM, CISA, HCISPP, CIPP/US, CCSFP, NSA IAM/IEM, MCIATT and DoD’s CAP in project management.

+ Adrian Christie | CISA, CCSFP | Risk Assurance Director | PwC

Adrian is a Boston-based Risk Assurance Director serving healthcare provider and payer clients in the Northeast and across the country. Adrian’s experience includes more than 10 years of delivering and managing a wide range of audit and advisory services.

He has experience leading information technology (IT) systems and controls audits and assessments for many of the Northeast's most prominent healthcare organizations. This includes IT general controls audits associated with year-end financial reporting, SSAE16/SOC1 and SOC2 reporting engagements, as well as monitoring services in connection with Department of Health and Human Services’ Office for Civil Rights (OCR) resolution agreements and corrective action plans. Adrian has also managed internal audit functions through an outsourcing or co-sourcing relationship. Responsibilities include conducting risk assessments, developing risk-based internal audit plans, defining scope and managing the execution of information security audits, and delivering results and recommendations to senior management and audit committees. Finally, Adrian has led various advisory services to assess information security controls specific to HIPAA, HITRUST Common Security Framework (CSF) readiness and certification, as well as provide IT strategy and system implementation guidance.

Adrian has developed and delivered presentations on information security concepts and controls to Boards, Senior Leadership teams and professional organizations. He has also been a speaker on these topics at several external conferences.

+ Lee Penn | Chief Financial Officer & Chief Compliance Officer | PDHI

Lee Penn is Chief Financial Officer, Chief Compliance Officer and HIPAA Privacy Officer and a member of the Risk Management Team at PDHI. PDHI is a technology services organization that develops and distributes the ConXus Platform, a SaaS application, for delivering workplace wellness and population health management programs. The ConXus Platform achieved certification without CAPs under the HITRUST CSF Assurance Program in February, 2015 and is undergoing recertification at this time. Penn is also a founding member of the HITRUST Business Associate Council. He joined PDHI after holding financial management positions at the S/L/A/M Collaborative, Yale University and Xerox Corporation. Penn holds a bachelor of science degree from Cornell University and a master’s of business administration degree from the University of Connecticut.

+ Dr. Earl J. Motzer | Ph.D. | Chair, HHS ASPR Healthcare & Public Health Sector Coordinating Council

Earl J. Motzer, Ph.D. is a retired hospital and nursing home Chief Executive Officer with fifty years of service, and a retired adjunct graduate school faculty member with forty-one years of service. He continues as a community based faculty member at the University of Kentucky College of Public Health.

Earl is Chair of the Healthcare and Public Health Sector Coordinating Council (HPH SCC) for the Department of Health & Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response (ASPR). He is Vice Chairman of the Department of Homeland Security (DHS) National Infrastructure Protection Program (NIPP) Critical Infrastructure Cross-Sector Council, a member and/or Co-Chair of various DHS Working Groups and committees, and a member of the ODNI Trade Association Partnership.

Earl has been a force multiplier for the FBI for the last twenty-eight years. He is a member of the Board of Directors of the InfraGard National Members Alliance (INMA), authored the book titled "The FBI/InfraGard Partnership - 1996 -2016," and served as a Past National President and member of the FBI National Citizens Academy Alumni Association (FBINCAAA) Board of Directors.

In Kentucky, Earl served as Chair and current member of the Kentucky Hospital Association Emergency Preparedness Committee (KHA EPC); member of the Mercer County Board of Health and the Local Emergency Planning Committee; facilitates the Multidisciplinary Committee on Child Sex Abuse Prevention; Past President & current member of the Harrodsburg Rotary Club; Chairs the Senior Citizens Center Advisory Board & the Crime Stoppers Board; Co-Chairs the Sheriff's Office Community Services Division (and is a sworn Special Deputy and serves as an ILO for the FBI Kentucky Joint Terrorism Task Force), Co-Chairs the Citizens Advisory Board and the Neighborhood Watch Program; serves as moderator for the Political Candidate Forums and Spelling Bees, and has a radio show titled "Mercer County's Most Wanted" which highlights crimes committed, persons wanted, interviews with local officials and safety and security tips.

+ Dennis Quandt | CISA, CCSFP | Risk Assurance Director | PwC

Dennis is a Director in Risk Assurance based in Boston, MA. He has over 13 years of experience delivering process enhancement and controls optimization projects for global organizations that deliver products and services into the healthcare value chain.

Dennis is a tenured Director who regularly presents to senior management and industry organizations on a range of topics impacting the global technology and risk landscape. He has experience leading multi-national teams in the development and delivery of information technology (IT) and business process controls and optimization initiatives. This work includes initiatives to prepare for pending regulation or customer demands as well as third party reporting (SOC 1, SOC 2, custom reporting). He regularly works with a variety of constituents including Risk, Internal Audit, Compliance, Information Security, and Controllership functions to develop risk-based roadmaps, organize and perform internal controls testing and reporting, and assess controls/processes against industry recognized security frameworks. In this capacity he has worked with various information security frameworks including ISO 27001/2, NIST, and HITRUST.

+ Ken Vander Wal | Chief Compliance Officer | HITRUST

Ken Vander Wal’s role as Chief Compliance Officer at HITRUST involves providing supervision and oversight to the HITRUST CSF Assurance program. In this capacity, he is responsible for ensuring the quality, completeness and adequacy of the work performed by CSF Assessor organizations. Mr. Vander Wal joined HITRUST after retiring from Ernst and Young where he was a partner in the Technology and Security Risk Services (TSRS) practice and responsible for its global TSRS quality and risk management program. With almost 40 years of IT experience, he has experience in a variety of industries in multiple areas of information systems, including systems development, systems programming, project management, quality assurance, IT auditing and systems security. As the national leader of TSRS quality, Mr. Vander Wal was responsible for ensuring quality was an integral component of Ernst and Young’s methodologies, engagement staffing and service delivery. In this role as well as his previous roles, he served major clients as the IT audit engagement partner or as the quality assurance partner. Mr. Vander Wal is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. He is both a Certified Public Accountant and a Certified Information Systems Auditor.

+ Daryl Hykel | MS-IA, CRISC, CISA, HITRUST | InfoSec Analyst III - Security Risk Management | HMS

With over 17 years of IT, Audit, and Security Risk experience, Daryl has spent the last three years working at HMS on implementing a HITRUST certification program which includes a Continuous Monitoring component. Other duties include assessing for third-party risk, managing client engagement requests, and working with internal stakeholders to implement risk management processes, with a focus on automation. Previous experience includes stints at Verizon and FedEx, with a humble beginning as a FedEx courier.

+ Travis Good | M.D. | Chief Executive Officer and Co-founder | Datica

Travis Good, M.D., MBA, MS, CEO is co-founder of Datica, formerly Catalyze. He is a speaker, blogger, podcast host and expert in healthcare technology, specifically HIPAA compliance and security issues involved with the field's innovation. In addition to his work as CEO of Datica, which offers a compliant, HITRUST CSF Certified cloud-based infrastructure for enterprise and digital health developers, Dr. Good is also a founding member of the HITRUST Business Associate Council. He also doubles down as host of the Healthcare Innovators Podcast where he interviews and extracts visionary insights from the country's top healthcare CIOs. Additionally, Dr. Good extensively reported on innovations in healthcare technology as a former editor of industry blog HISTalkConnect.

Time is running out. Don't miss your chance to hear your favorite speakers!
Register Today

Where is it, & When?

May 8th - May 11th in Grapevine, Texas
At the Gaylord Texan Resort & Convention Center

Gaylord Texan Resort & Convention Center invites its visitors to a first-class experience with Southern hospitality. Overlooking the beautiful Grapevine Lake, this hotel offers a one-of-a-kind retreat with luxurious accommodations, first-class restaurants, eclectic shops and 4.5 acres of lush indoor gardens and winding waterways. Unwind at Relâche Spa & Salon, enjoy a brisk workout in the state-of-the-art fitness center or make a splash at Paradise Springs, open seasonally. With more than 400,000 square feet of flexible meeting spaces, attend unforgettable conventions, weddings, receptions, banquets, meetings, family reunions and more, all organized with the help of our professional event planning team. Whatever the occasion, book a stay and come on down for an adventure as grand as Texas itself!

The Event where Cybersecurity Professionals Prepare for the Future of Secure and Compliant Healthcare.

Join us for collaborative discussions of industry trends, market dynamics, and in-depth knowledge of how the HITRUST CSF and related tools can aid your organization in conducting assessments and improving its overall protection of health information.

Learn. Collaborate. Deliver.

Hear from industry-renowned speakers and experts

Share the word and invite friends!

You do not want to miss the opportunity to join us this year!
