This story contains promotional content. Learn more.
A webcast and podcast series with HITRUST
This series contains 2 stories:
PODCAST: Patient Care Upheld and Assurance Quality Maintained: How HITRUST Responded To A Crisis Through Preparation, Leadership, And Collaboration with Andrew Hicks, Michael Parisi, Jeremy Huval, and Bimal Sheth
WEBCAST: Your Pre-Crisis Culture Will Determine Your Ability To Adapt To Unpredictability During A Crisis with Omar Khawaja, John Houston, and Michael Parisi
Patient Care Upheld and Assurance Quality Maintained: How HITRUST Responded To A Crisis Through Preparation, Leadership, And Collaboration
Guests:
Andrew Hicks, Vice President, Risk Assurance, Frazier & Deeter
Michael Parisi, Vice President Assurance Strategy, HITRUST
Jeremy Huval, Chief Compliance Officer, HITRUST
Bimal Sheth, Vice President - Assurance Services, HITRUST
Full show notes below
Additional Resources Related To This Podcast
Blog: Addressing the Impact of COVID-19 on CSF Assessment Procedures
CSF Assurance & Implementation Bulletin
Your Pre-Crisis Culture Will Determine Your Ability To Adapt To Unpredictability During A Crisis
Guests:
Omar Khawaja, Chief Information Security Officer, Highmark Health
John Houston, Vice President, Information Security and Privacy; Associate Counsel, UPMC
Michael Parisi, Vice President Assurance Strategy, HITRUST
Prefer a podcast? Have a listen!
Full show notes below
Additional resources related to this conversation
Provider Third Party Risk Management Council
HITRUST Third Party Risk Assurance Program
Their Story conversations with Sean Martin and HITRUST executives and partners
This is a 2-part podcast and webcast series with HITRUST executives along with some of their strategic customers and partners. The series explores the value of a formal risk management program coupled with a well-formed culture of security and business continuity that focuses on the impact a crisis can have on the customer.
Bookmark this page to catch all of the episodes as they become available.
Show Notes
Podcast | Patient Care Upheld and Assurance Quality Maintained: How HITRUST Responded To A Crisis Through Leadership And Collaboration
Guests:
Andrew Hicks, Vice President, Risk Assurance, Frazier & Deeter
Michael Parisi, Vice President Assurance Strategy, HITRUST
Jeremy Huval, Chief Compliance Officer, HITRUST
Bimal Sheth, Vice President - Assurance Services, HITRUST
What you are about to listen to is a collection of stories that genuinely sit at the intersection of technology, cybersecurity, and society. It doesn’t get much more real than this, and you’ll see why as we dig into the conversation. As you prepare to listen, consider the following.
Organizations that care about risk and keeping their businesses alive and healthy during times of disruption invest in risk management and business continuity plans. Many of them may be mature enough to engage in test runs and execute tabletop exercises against those plans—the goal is to play out what they think might happen during a crisis.
However, not every risk management program nor business continuity plan accounts for all potential scenarios. Many programs/plans may also not account for changes to—and impacts against—their supply chain. The internal business rules and contracts that define what is an appropriate level of risk to accept coupled with the realities of government laws and regulation only adds to the challenges when dealing with changes to how organizations identify, assess, select, onboard, and manage their third-party supply chain. How do you maintain business continuity while not lowering your risk assurance and security control standards—or falling out of compliance—when everything is turned upside-down and inside-out?
That’s what we speak to in this conversation.
More importantly, we are going at this from the end customer perspective—i.e., the consumer of the products and services you offer as a business. In some cases, this is a patient that needs critical care during a pandemic.
Can organizations waive off their obligations to maintain their previously-agreed-upon security posture? Can organizations throw away the rules in support of managing patient care during a pandemic? Is there a means to ensure that the quality of the risk and compliance assurance they’ve already invested can be maintained while also dealing with the crisis and the long-term effects that will stretch well beyond the event itself?
Have a listen to this episode to get answers to these questions and more.
Then, please share it and stay tuned for the upcoming webcast conversation with two C-level executives.
Show Notes
How Your Pre-Crisis Culture Will Determine Your Ability To Adapt To Unpredictability During A Crisis
Guests:
Omar Khawaja, Chief Information Security Officer, Highmark Health
John Houston, Vice President, Information Security and Privacy; Associate Counsel, UPMC
Michael Parisi, Vice President Assurance Strategy, HITRUST
When it comes to managing risk for your third-party vendors, do you find your organization using the “COVID-19 excuse?” Is this the right decision long term (or even short term)? Or, are you merely kicking the can of risk down the road?
If your business is anything like John’s and Omar’s, you certainly had to make some quick decisions on how to meet the new requirements of the company and your customers as the environments in which you operate change drastically.
Did you have to switch off vendors that were no longer needed or couldn’t meet the demand (or, perhaps, had to shut down due to the crisis)? Did you have to onboard new suppliers to fulfill a need you never imagined would be needed (such as temporary tents in the parking lot to test patients)? Did you have to rush a new service provider onto the network to ensure patients can get the devices and related apps to their hospital bedside as a matter of life or death (such as ventilators)?
These scenarios may not precisely match yours — primarily if you don’t operate as a health provider in the healthcare space. However, you can almost certainly appreciate the challenges that come with these scenarios and can likely connect the dots in some way to your business.
This begs the question: were you prepared for a crisis? Were you ready for your supply chain to be turned upside down? Did you have a culture of security and risk management baked into your organization such that the team could rise to the challenges introduced by the crisis without compromising security and adding unnecessary risk?
Our guests in this Their Story on ITSPmagazine share their detailed experiences with us, guiding us through the importance of having a plan, practicing that plan, maintaining open and transparent communications, and being able to measure/report on the status of risk at any given moment — even (especially) for your third-party vendors — even during a crisis.
Go on. Have a listen to what a culture of security and risk management sounds like.