Third-Party Risk Management for Healthcare Boards

 More

During this session, we will discuss the key elements and importance of an integrated Third-Party Risk Management (TPRM) program with an emphasis on the evolving regulatory and compliance landscape. The session will also explore how weak third-party diligence can lead to significant data exposure and how organizations can mitigate these risks through best practices and governance.

Member: $75
Non-Member: $125
Registration includes unlimited connections per registered facility.

Hospital and health system board members, trustees of rural and community hospitals, executive leadership teams, chief executive officers, chief information officers (CIOs), chief information security officers (CISOs), chief technology officers (CTOs), compliance and risk management professionals, privacy and cybersecurity leaders, internal audit professionals, legal counsel, supply chain and procurement leaders, governance professionals and board liaisons, and policy makers involved in health care governance, cybersecurity, compliance, and enterprise risk management.

  • Describe the importance of third-party risk management (TPRM) in healthcare and the growing regulatory, compliance, cybersecurity, and operational risks associated with vendor relationships.
  • Identify the core components of an effective TPRM program, including vendor inventory, risk assessment, due diligence, ongoing monitoring, and offboarding processes.
  • Recognize common third-party risks that can lead to data breaches, operational disruptions, compliance violations, and reputational harm within healthcare organizations.
  • Evaluate strategies for mitigating third-party risk, including risk-based vendor classification, cybersecurity assessments, stakeholder collaboration, and continuous monitoring practices.
  • Explain the role of executive leadership and governing boards in overseeing third-party risk management programs through reporting, accountability, and governance processes.

American College of Healthcare Executives
By attending the Third-Party Risk Management for Healthcare Boards Webinar, offered by Texas Healthcare Trustees, participants may earn up to 1.0 ACHE Qualified Education Hours toward initial certification or recertification of the Fellow of the American College of Healthcare Executives (FACHE) designation.

Certified Healthcare Trustees and Leaders Education
The Texas Healthcare Trustees designates this continuing certified healthcare trustee and leader education activity for up to 1.0 contact hours. For more information about the CHTL program, please contact THT at 512-465-1015.

Barry Mathis, Consulting Principal, Information Technology, PYA

Barry has over three decades of experience in the information technology (IT) and healthcare industries as a CIO, CTO, senior IT audit director, and IT risk management consultant. He has planned and managed complicated HIPAA security reviews and audits for some of the most sophisticated hospital systems in the country. Barry is a visionary, results-oriented, senior-level healthcare executive with demonstrated experience in planning and implementing information technology solutions. He is adept at strategic development, project and crisis management, and negotiation. Barry’s strong technical capabilities combined with outstanding presentation skills have made him a sought-after speaker at many conferences and events.

Shannon Sumner, Consulting Principal, Firm Chief Compliance Officer, Managing Principal, PYA

Shannon is a nationally recognized healthcare compliance expert. With more than 30 years of experience in healthcare internal auditing and regulatory compliance, she helps healthcare organizations of all sizes strengthen their compliance programs. She steers clients through regulatory compliance issues, develops effective internal control structures, and conducts due diligence for mergers/acquisitions/divestitures. The U.S. Department of Justice recognized her expertise and sought her input in a history-making federal compliance co-monitorship case.