TMCnet News

Health3PT Initiative Announces Significant Progress in 2023 Paving the Way for Solving Third-Party Risk Management in Healthcare for 2024
[February 01, 2024]

Health3PT Initiative Announces Significant Progress in 2023 Paving the Way for Solving Third-Party Risk Management in Healthcare for 2024

Initiative announces new council members, aims for wider adoption of TPRM Best Practices in 2024

FRISCO, Texas, Feb. 1, 2024 /PRNewswire/ -- The Health 3rd Party Trust (Health3PT) Initiative today announced significant strides in 2023 toward solving the Third-Party Risk Management (TPRM) problem in the healthcare sector. The Health3PT initiative has grown to over 1,900 professionals representing 1,100 organizations that are currently engaged with the initiative. Health3PT is now guided by 20 Council member organizations that work to establish standards for TPRM to help organizations reduce vendor risk and streamline their vendor risk process.

The Health3PT initiative has grown to over 1,900 professionals representing 1,100 organizations.

The Health3PT Initiative is dedicated to bringing standards, credible assurance models, and automated workflows to increase security around the third-party vendors and suppliers delivering vital services. The Health3PT Council has successfully delivered "The Health3PT Recommended Practices," an instructional framework of actionable steps organizations can take to ensure due diligence and due care throughout the healthcare ecosystem—while improving effectiveness, reducing inefficiencies, and leading the way for standardization in TPRM.

The Council's efforts have been bolstered by the adoption of HITRUST as the first assurance methodology, which has played a crucial role in enabling the Recommended Practices. Additionally, the Health3PT Vendor Directory has been launched, serving as a platform for HITRUST Certified vendors, or those in the process of becoming Certified, to showcase their compliance efforts.

"Health3PT member organizations have already notified thousands of vendors about replacing inadequate questionnaires with standardized assessments, streamlining the onboarding process while ensuring the security of services provided by third parties and the associated sensitive information they handle." - Matthew Webb, AVP - Product Security, Chief Product Security Officer, HCA Healthcare

"As evidenced by the substantial number of third-party breaches, the healthcare industry has not done a good job of addressing third-party risk. I do not believe that those efforts have been effective or a good value for the money. The Health3PT Council has arrived upon a solution to this challenge. It starts with organizations adopting the Health3PT Recommended Practices and leveraging the HITRUST assessment portfolio." - John Houston, VP, Information Security and Privacy, UPMC

"I joined Health3PT with a belief that simplicity shouldn't compromise excellence. In the realm of third-party cyber risk management, we strive to simplify processes while raising the bar, ensuring robust security measures for a safer digital future. As we further rely on suppliers and third-party relationships to run and operate our businesses, we have to be able to apply the same cybersecurity standard as if it were our own infrastructue and services." - Tim Witos, Vice President Information Security, McKesson

"PDHI joined H3PT to help other assessed parties implement the "no questionnaire" model that PDHI has followed since 2015. From the PDHI perspective, the effective and efficient delivery of PDHI information security management program information to clients and prospective clients is vital to improving their ease and confidence in doing business with PDHI. The more often relying parties are pushed, as a matter of best practice, to put trust into their third-party risk management programs, the sooner the overall healthcare cybersecurity ecosystem will be significantly strengthened." - Lee Penn, Chief Financial Officer & Chief Compliance Officer, PDHI

Looking to 2024, Health3PT is set to continue its strong trajectory of growth, with a focus on broader adoption of the Recommended Practices. This advancement aims to drive substantial improvements in Vendor Risk Management by moving away from traditional questionnaires to a standard for risk tiering and validated assurances. The initiative will also tackle emerging challenges, such as evolving regulations and the impact of AI on cyber risk. The 2024 Health3PT Council welcomes new members, including:

Council Members continuing into 2024

Additionally, the Council has established a Vendor Committee, comprising both small and large vendors, to ensure a broader perspective on TPRM. This committee is a crucial step towards achieving Health3PT's objective of streamlining TPRM and reducing vendor risk through widespread adoption of the Health3PT Recommended Practices.

To learn more about the best practices and successes of the initiative, join the Health3PT 2024 Kick-off Webinar on February 8.

To join the Health3PT initiative and for more details visit

About the Health3PT Initiative
Representing leaders from health providers, payers, and healthcare services, the Health3PT Council strives to share best practices in managing third-party risk to deliver on their organizations' mission of safeguarding sensitive information. By driving collaboration with industry and government, the Health3PT Initiative is enabling a standardized approach that organizations can adopt to effectively and efficiently manage third-party risk within their organization and to protect the entire third-party ecosystem. Health3PT is supported by HITRUST, the industry-recognized risk and compliance standards and certification body, and CORL, the healthcare third-party risk management services and solutions provider.

Leslie Kesselring
Kesselring Communications for Health3PT
[email protected]

Cision View original content to download multimedia:


[ Back To's Homepage ]