The newly announced HHS cybersecurity performance goals (CPGs) will serve as the foundation for future healthcare cyber requirements. However, for many health IT leaders the CPG timelines and potential incentives announced in the December 2023 HHS concept paper remain shrouded in ambiguity.

To help clear things up, we’re hosting a live panel and Q&A with private and public representatives of the 405(d) team involved in developing these CPGs.

Erik Decker and Nick Rodriguez join Kate Pierce for a live panel discussion and Q&A to cover:

  • How these CPGs are different than those in the past
  • Timelines and expectations for meeting CPGs
  • Potential incentives and penalties


More about our speakers:

Erik Decker
405(d) Working Group Chair
VP & Chief Information Security Officer
Intermountain Health

Erik Decker is the Chief Information Security Officer for the Intermountain Healthcare. He is the industry lead for the development of the Health Industry Cybersecurity Practices (HICP) publication, under the HHS 405(d) Program. He is also a member of the Executive Council of the Health Sector Coordinating Council, a joint public-private partnership group tasked with protecting Critical Infrastructure, as defined under the National Infrastructure Protection Plan. In 2020, Erik led the HSCC Task Group that wrote the Health Industry Cybersecurity Tactical Crisis Response Guide (HIC-TCR).



Nick Rodriguez
405(d) Program Manager
U.S. Department of Health and Human Services

Nick Rodriguez is the Program Manager for the award winning 405(d) Aligning Health Care Industry Security Approaches Program within the U.S. Department of Health and Human Services (HHS) Office of Information Security (OIS).    As the leading collaboration center of OIS, the 405(d) program is focused on providing the HPH sector with useful and impactful resources, products, and tools that help raise awareness and provide vetted cybersecurity practices, which drive behavioral change and move towards consistency in mitigating the most relevant cybersecurity threats to the sector.



Kate Pierce Executive Director Subsidy Program at Fortified Health Security

Kate Pierce
Fortified Health Security
Executive Director of Subsidy Program

With over 30 years of experience in healthcare information technology, and over 13 years in healthcare cybersecurity, Kate Pierce has deep insight into the persistent challenge of improving security with increasingly limited resources. During her tenure as the CIO and CISO at a Critical Access Hospital, Kate spearheaded the creation of the organization’s security program, encompassing governance, strategic planning, and the selection and rollout of security controls. To further the cause of cybersecurity in healthcare, Kate actively collaborates with the HSCC CWG and the 405(d) program, and consistently advocates at the federal and state levels to fortify cybersecurity within healthcare organizations.