H3PT Announces 2025 Council Members, Elevating Healthcare Security and Third-Party Risk Management Standards Amid HIPAA Security 2.0 Advancements

ATLANTA, May 13, 2025 /PRNewswire/ — The Health 3rd Party Trust Initiative (H3PT) proudly announces the selection of its 2025 Council Members, a distinguished group of industry leaders committed to advancing healthcare security standards and strengthening third-party risk management practices. With the introduction of HIPAA Security 2.0, the healthcare industry faces an unprecedented shift toward more rigorous compliance and certification requirements, including higher benchmarks for HITRUST and enhanced third-party security oversight. The newly appointed council members reflect H3PT’s dedication to excellence, innovation, and the relentless pursuit of elevated cybersecurity and vendor risk management standards.

“The events of 2024 exposed just how vulnerable our industry is—not just within individual organizations, but across the entire ecosystem of care,” said Matthew Webb, AVP, Product Security at HCA. “The H3PT Council is a much-needed forum where providers and their vendors can come together to develop practical, collaborative solutions that strengthen trust and resilience. We can’t afford to operate in silos anymore.”

The selected 2025 council members include:

• Alejandra Boulanger, MBA, AdventHealth
• Glen Braden, Principal and CIO, Attest Healthcare
• Devin Shirley, CISO, Arkansas Blue Cross Blue Shield
• Cindy Schuna, Lead Analyst, Cencora, formerly AmerisourceBergen
• Rick Kratz, Director, Cyber Risk Management, Cencora
• Natalie Henderson, Executive Director, Third Party Risk Governance, CVS
• Eric Sinclair, SVP, Chief Information Officer, Evolent Health
• Matthew Webb, AVP – Product Security, Chief Product Security Officer, HCA Healthcare
• Brenda Callaway, Divisional VP, Operations Performance Management, Health Care Service Corporation (HCSC)
• Chris Lodico, Executive Director, Information Security, Health Care Service Corporation / Blue Cross Blue Shield of IL, TX, NM, OK & MT
• John Chow, CISO, Healthix
• Karin Balsley, AVP, Information Security & Network Communications, HealthStream
• Joe Dylewski, Lead, Technology and Cybersecurity Risk, Humana
• Kathy McKenna-Sauerman, Director, Third-Party Cyber Risk, Humana
• John Paul Ramsay, Associate Director Cyber Data Protection, Humana
• Lane Sullivan, SVP, Chief Information Security and Strategy Officer, Concentric AI
• Anna Selfridge, Manager, IT GRC, Main Line Health
• David Houlding, Director, Global Healthcare Security and Compliance Strategy, Microsoft
• Monique Hart, VP, Information Security & CISO at Piedmont
• David Finkelstein, Chief Information Security Officer at St. Luke’s University Health Network
• Ryan George, Senior Director of Information Security, UPMC
• John Houston, VP, Information Security and Privacy, UPMC
• Bhavesh Merai, Senior Manager, Technology, Risk & Compliance, Walgreens

Advancing Healthcare Security and Third-Party Risk Management 

Each member of the 2025 council has played a pivotal role in driving advancements in compliance, third-party risk management, and overall security posture for healthcare organizations. Their collective expertise will guide H3PT’s mission to help the healthcare industry stay ahead of emerging threats, vendor vulnerabilities, and evolving regulatory expectations.

The introduction of HIPAA Security 2.0 underscores the growing importance of third-party security assessments and continuous monitoring of external partners. With healthcare organizations increasingly relying on third-party vendors for critical services, ensuring these partners meet or exceed security and privacy requirements is vital. The H3PT Council will provide valuable insights into best practices for managing third-party risk, promoting more rigorous assessments, and driving vendor accountability.

“The bar for security is higher than ever before—not just for healthcare organizations but also for their vendors and partners,” said Ryan Patrick, Vice President of Adoption at HITRUST. “These 2025 Council Members are leading the charge, helping H3PT champion a new era of security excellence with a sharp focus on third-party risk management.”

About H3PT 

H3PT is a leading organization dedicated to advancing cybersecurity, third-party risk management, and compliance standards within the healthcare industry. Through collaboration, education, and advocacy, H3PT empowers healthcare organizations to safeguard patient data and strengthen their security posture across their entire vendor ecosystem.

About CORL Technologies 

CORL Technologies is a leading third-party risk management and cybersecurity firm specializing in vendor security programs for healthcare organizations. CORL offers a flexible solution to help optimize third-party risk with hands-on support and a technology-enabled platform. With a focus on HITRUST certification, vendor assessments, and continuous monitoring, CORL Technologies helps healthcare providers stay ahead of security threats and regulatory demands, ensuring robust protection for sensitive patient data.

About HITRUST 

HITRUST is a leading organization that empowers healthcare organizations to manage cybersecurity, privacy, and regulatory compliance challenges through a comprehensive and flexible framework. By combining healthcare industry expertise with best practices in information security, HITRUST helps organizations achieve certification and enhance their overall security posture, ensuring that patient data remains safe and secure.

For more information about H3PT and the 2025 Council, please visit health3pt.org or contact Ryan Patrick at Ryan.Patrick@hitrustalliance.net.

View original content to download multimedia:https://www.prnewswire.com/news-releases/h3pt-announces-2025-council-members-elevating-healthcare-security-and-third-party-risk-management-standards-amid-hipaa-security-2-0-advancements-302453583.html

SOURCE Health3PT