HealthTrust’s Security Information Protection Agreement updated to address AI

In a world where hospitals and health systems remain at risk for ransomware attacks, HealthTrust is committed to protecting its members and their data. In fact, a majority of the organization’s contracted suppliers are required to sign a Security Information Protection Agreement (SIPA) to do business with the HealthTrust membership. This legally binding document outlines the minimum cybersecurity expectations for the suppliers and their products, and aims to safeguard any type of data HealthTrust members expect to be kept confidential.

“The focus on data protection doesn’t end after an agreement is signed. A SIPA is the start of a conversation. We continue to explore new ways to keep products safe & secure, & we want to stay in the loop as suppliers address the security of existing & new product lines.”

Marc Sammons, Director of Security Sourcing, HealthTrust

As medical products evolve with the integration of artificial intelligence (AI), it’s important for hospitals and health systems to know the risks. For example, some manufacturers in the imaging space are using AI to help identify what is being depicted in a given image and guide the clinical staff to diagnose and make recommendations on how to move forward with care. AI is also being used to transcribe conversations between the care team and a patient, feeding the information directly into the patient record.

AI updates to contract templates (including SIPAs)

While AI offers many benefits, given the correlation between AI and data, Sammons explains that “HealthTrust members should understand the specific type of AI used across their facilities and what suppliers are doing with their information.”

To help guide these discussions, rest assured, HealthTrust has you covered! HealthTrust is updating its contract templates to have AI-specific language that requires suppliers to:

The SIPA currently outlines that suppliers are not permitted to do anything with member data that has not been approved. “While these conversations are already happening between members and suppliers, we want to call out AI specifically in the SIPA and in other templates, so a conversation gets hyperfocused when it needs to,” says Sammons.

Industry involvement

The SIPA is just one of many ways HealthTrust defends the membership. “Colleagues on the Security Sourcing team are also part of larger groups at the federal level, including the U.S. Food and Drug Administration (FDA), where we represent the HealthTrust membership and raise security issues,” shares Sammons. Specifically, the team plays an active role in the Health Sector Coordinating Council’s Cybersecurity Working Group and is also involved with the Health-ISAC (Information Sharing and Analysis Center).

Together, these organizations collaborate on how to protect against cyber threats, which are growing in complexity—in part because of AI technology. “It’s no longer about the person behind the keyboard,” says Sammons. “It’s about the program the person behind the keyboard is using.” With cybercriminals leveraging more sophisticated tools to detect flaws and launch ransomware attacks, efforts to protect HealthTrust members’ healthcare data and networks remain critical and ongoing.

 

Stay on top of changes to HealthTrust’s SIPA with contracted suppliers through updates in The Response newsletter and the HealthTrust Member Portal.
