Provider Third-Party Risk Management

Best practices for assessing the security posture of your supply chain

  • Event Time: Noon Central

Effectively assessing the security posture associated with cloud-based services is proving to be prohibitively expensive and difficult to perform. The hurdles faced go well beyond available resources and capabilities, posing a huge challenge for organizations and third parties to create, administer, respond to and manage assessments. In addition, ineffective security, compliance and assurance methods result in increased risk, and drive up cost and confusion within organizations and across third parties.

In this webinar, learn from the American Hospital Association about the various common security frameworks (CSF) available within the health care field and the resources available to your health care organization. This webinar will focus on how the University of Pittsburgh Medical Center (UPMC) moved to requiring HITRUST CSF certification of its vendors to mitigate risk exposure from third parties providing cloud-based services. You’ll learn how, by using a single framework that covered all of the relevant standards and regulations, UPMC was able not only to assure the security and compliance levels of third parties in maintaining patient data protection, but also to simplify assurance processes, reduce costs and maintain a clear understanding between the medical center and its vendors.


  • The various common security frameworks available within the health care field.
  • The value of managing information security-related risks by third parties.
  • Best practices for third-party assurance to reduce costs, simplify processes and minimize confusion with third parties.
  • The mission of the Provider Third-Party Risk Management (PTPRM) Council.
  • High-level information about the HITRUST CSF Certification process as used by the PTPRM Council.



Thought Leaders

John Riggi
Senior Advisor for Cybersecurity and Risk
American Hospital Association (AHA)

John Riggi, having spent nearly 30 years as a highly decorated veteran of the FBI, serves as the Senior Advisor for Cybersecurity and Risk for the American Hospital Association (AHA) and their 5000+ member hospitals. In this role, John serves as a national resource to help members identify and combat cyber and other sources of risk to their organizations. Additionally, John will support the AHA’s policy efforts and Federal agency relations on cyber and other risk-related issues. Previously, John led BDO Advisory’s Cybersecurity and Financial Crimes Practice. While at the FBI, John served as a representative to the White House Cyber Response Group. He also led the FBI Cyber national program to develop mission-critical partnerships with the health care and other critical infrastructure sectors for the investigation and exchange of information related to national security and criminal-related cyber threats.

John Houston, J.D.
Vice President, Privacy and Information Security & Associate Counsel

John P. Houston is Vice President, Information Security and Privacy, and Associate Counsel for UPMC. In this position, he has broad accountabilities across the health system, including privacy, information security, data governance and legal matters associated with the acquisition, licensing, and use of technology.

Mr. Houston has been significantly involved in UPMC’s compliance with the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA). Mr. Houston has testified twice before the United States Senate’s Health, Education, Labor and Pension Committee and once before the US Senate Judiciary Committee. Mr. Houston also speaks regularly regarding such topics as health care privacy, information security and health care information systems. Mr. Houston has participated on numerous industry, federal and state advisory committees regarding such matters as privacy, security, the adoption of health information technology and the exchange of health information. Mr. Houston is one of the co-founders of the Provider Third Party Risk Management Council, a group of industry leaders that develops and promotes practices to effectively manage information security-related risks in the healthcare provider supply chain.

Mr. Houston completed his undergraduate studies in 1986 at the University of Pittsburgh and received a Bachelor of Science in Computer Science and History. Mr. Houston later attended the Duquesne University School of Law where he received his Juris Doctor degree in 1994.

Michael Parisi
Vice President of Assurance Strategy & Community Development
HITRUST Alliance

Mike assesses current assurance programs and determines needed enhancements to help address organizational security and privacy challenges in the marketplace. He spearheads the development of new assurance programs and strategies to help address emerging customer challenges and regulations surrounding privacy and security. He contributes to the business by educating organizations on the multiple attributes of the HITRUST Approach, including resource savings in time and money. Mike also leads HITRUST’s community efforts to help further the adoption of our standards and programs across multiple industries, global geographies, and regulatory bodies.

Michael Parisi has led over 500 controls-related engagements, primarily in the healthcare and financial services industries. He has extensive experience with third-party assurance reporting, including HITRUST readiness, HITRUST certification, SOC 1, SOC 2, SOC 3, Agreed Upon Procedure and customized AT-101 engagements. He also has several years’ experience implementing large Oracle ERP systems, specializing in the General Ledger and Governance Risk and Compliance modules. He has extensive knowledge of financial reporting and regulatory standards through his external audit and consulting experience, including Sarbanes-Oxley, HIPAA, NIST, CMS and state-specific standards. He holds a Bachelor of Science in Accounting, a Bachelor of Science in Computer Information Systems and an MBA from Quinnipiac University. He is an active member of ISACA and IAPP.
