Healthcare Experts Discuss the Purpose and the Value of the HITRUST CSF Certification Requirement
On November 14th, 2017, Evolve IP hosted an informative security education event entitled HITRUST and Cybersecurity 2018 in our Wayne, PA headquarters. Co-sponsoring the event with Evolve IP were VMware, Veeam Software, Hewlett Packard Enterprise (HPE), Fortinet and Wipfli, the consulting and CPA firm that provided the audited assessments for Evolve IP’s HITRUST Certification
The keynote speakers were Omar Khawaja, Chief Information Security Officer of Highmark Inc. in Pittsburgh (also a member of HITRUST’s board of directors) and nationally-recognized security author and cybersecurity expert Thomas L. Norman of Ingram Micro. The keynote speaking sessions were followed by an interactive panel discussion representing a cross-section of industry viewpoints. The panelists (bios provided below) represented covered entities, business associates, security specialists, auditors, and technology providers. Evolve IP’s VP of Security and Compliance Tim Vogel participated in the panel and shared Evolve IP’s perspective as a provider of industry-leading cloud solutions
for over 250 healthcare clients.
Kicking off the program, Mr. Khawaja offered a unique perspective on the growing adoption of HITRUST and why HITRUST is needed across the industry to strengthen and complement HIPAA. He also explained the role of the HITRUST Common Security Framework (CSF) for enabling the healthcare industry to thrive in the face of mounting cyber threats by creating an environment where continuous security improvement is the standard.
Mr. Norman took the podium next, capturing the audience’s attention with an eye-opening description of emerging international security issues and cyberattacks, and his explanation of how these activities have direct implications for the healthcare industry. He also shared cutting-edge strategies for implementing effective security frameworks both on premises and in the cloud, including valuable strategies for optimizing physical security, mitigating cybersecurity risk, and developing compelling, risk-based business cases for driving C-suite support. All attendees received a copy of Mr. Norman’s newest paper: The Compelling Case for Unifying IT and Physical Security
Following Mr. Norman’s presentation, the cybersecurity panel shared real-life experiences about the relationship between HIPAA, HITRUST certification, cybersecurity, and security/vendor management. They focused on the implications of security-related compliance activities on the operation of and interaction between the extended network of healthcare service providers and business associates.
Those who were unable to attend the event can view the recording of the full presentations or view program highlights here:
today for more information about the seminar, about Evolve IP’s HITRUST certified communications and computing solutions, or about our upcoming educational events.
About the HITRUST and Cybersecurity 2018 program presenters:
Omar Khawaja | CCSK, CISSP; Chief Information Security Officer, Highmark
Mr. Khawaja has spent 15 years delivering, developing and managing enterprise security solutions. He is currently Chief Information Security Officer at Highmark, the nation’s third-largest integrated health delivery and financing network. He is also on the board of directors for HITRUST and is an expert in the HITRUST certification process and how it fulfills HIPAA requirements. He has advised executives of the Global 1000 and spoken at industry conferences (RSA, CSA, ISF, MWC, WEDI) on the topic of making security more business-centric, on 5 continents and has been quoted in media outlets such as Financial Times, NY Times and CNBC.
Thomas L. Norman | CPP/PCP; Global Security Consultant, Ingram Micro
Mr. Norman is an internationally acclaimed security consultant with experience in the USA, Middle East, Europe, Africa and Asia. Mr. Norman has expertise in Cyber Security & Cyber War Defense Planning, Integrated Security Master Planning, Crime Prevention, Anti-terrorism, Threat Assessment, Security Cost/Benefit Analysis, and Threat/Countermeasure Balancing. He is an award-winning author of security industry books, including Risk Analysis and Security Countermeasure Selection, The Compelling Case for Aligning IT and Physical Security, and Security Planning and Design.
Cybersecurity Panelist Members:
Paul Johnson | CPA, CISSP, CCSFP, Partner, with Wipfli LLP
Paul is a partner in Wipfli LLP’s risk advisory services practice. He has over 20 years in the information technology (IT) and information security fields, including leadership roles as a security consulting director, and information security director for an integrated healthcare delivery system. Paul leads a team with extensive experience and qualifications to provide HIPAA risk assessments, HITRUST assessments, healthcare privacy and security policy development, and other security advisory services.
Tim Vogel | Vice President of Security and Compliance, Evolve IP
Tim has more than 20 years of healthcare IT security consulting and management experience, including hands-on experience in networking, storage, virtualization, and information security. He was co-founder and CEO of Xtium, a healthcare-focused cloud services provider acquired by Evolve IP in 2016, his experience includes roles with AstraZeneca, Children’s Hospital of Philadelphia, ECRI Institute, Stuart Disease Management Services, and CGI Systems.
Philip Jevin | Vice President of Technology and Business Development, Universal Printing
As the Vice President of Technology and Business Development at Universal Printing Company LLC, an organization serving the nation’s largest healthcare service providers, Phil is responsible for providing leadership and direction for the Information Technology department. Over the last 12 years, he has helped lead the company through SAS 70, SOC 1, and SOC 2 reports, along with its HITRUST CSF Certification.
Karen Johnston | CISA, CIA, CFE, CCSFP, Senior Manager, Wipfli LLP
As a Senior Manager, in the firm’s Risk Advisory Consulting Practice, Karen Johnston has experience specializing in HITRUST assessments, SOC examinations, Internal Control Assessments, IT auditing, Business Process Analysis and fraud detection and prevention assessments. Karen provides consulting services to public, middle market and not-for-profit organizations in the healthcare industry.
Doug Manager | CISSP, Senior Sales Engineer, Fortinet
Doug is a security conceptualist with over sixteen years of cybersecurity experience. He currently leads a team of systems engineers whose task is to evangelize the necessity of increased visibility, enhanced security, and a reduction of complexity as it pertains to securing borderless networks.Categories: Healthcare Security & Compliance