Rick Ensenbach, CISSP, CISA, CISM, ISSMP, CCSFP
Director, Risk Advisory Services
Rick Ensenbach provides strategic information security and risk management services, with a focus on health care. He assists health care organizations in meeting regulatory compliance objectives through effective leadership, communication, and risk management skills. Rick helps organizations assess their compliance with industry regulations, identify areas for improvement, and manage initiatives to decrease risk and improve the security of protected health information.
Rick is passionate about delivering information security and risk mitigation services. He is a results-oriented, enthusiastic management consultant with 40 years of diverse experience. Rick holds numerous security certifications and is an internationally recognized information security professional.
Certifications
- Certified Information Systems Security Professional
- Certified Information Systems Auditor
- Certified Information Security Manager
- Information Systems Security Management Professional
- Certified HITRUST CSF Practitioner
Professional Memberships and Activities
- ISSA - Distinguished Fellow
- ISSA, Minnesota Chapter - Executive advisor and past president
- Upper Midwest Security Alliance (UMSA) - Founding member and past president
- International Information Systems Security Certification Consortium (ISC2) - Member
- Information Systems Audit and Control Association (ISACA) - Member
- U.S. Armed Forces, The Enlisted Association (TREA) - Member
- American Legion - Member
- AMVET - Life Member
Areas of Focus
- Information risk and security assessment, strategy, and management
- Organizational security officer, advisor, and mentor
- Information security education and awareness
- Information security audit and regulatory compliance (HIPAA, GLBA, and FFIEC)
- Information security policy and procedure development
- Information security process and program development
- Frameworks and standards use (HITRUST, NIST, ISO 27001/27002, and COBIT)
Industries
Healthcare
Recent Insights
Articles
HIPAA business associates: How healthcare providers manage the risk
Feb 11, 2022
HIPAA safe harbor law: What is it, and does it apply to your organization?
Feb 19, 2021
Common misconceptions from a HITRUST Authorized External Assessor
May 06, 2020
HITRUST vs HIPAA: What is the difference?
Apr 09, 2020
Telehealth, HIPAA and COVID-19: What you need to know
Apr 02, 2020
What the ‘good faith’ rule means for HIPAA during COVID-19 pandemic
Mar 31, 2020
First responders can share COVID-19 patient information, HHS says
Mar 31, 2020
Top benefits of a virtual chief information security officer — and what to look for
Dec 04, 2019
Why security risk management isn't a once-a-year event
Nov 11, 2019
Why Measuring Needs to Be a Standard of Your Information Security Program
Nov 08, 2018
Insider Threats: Are You Ignoring the Human Risk in Your Information Security Program?
Jan 21, 2016
Blogs
Opinion: It’s time for a federal third-party security certification in healthcare
Sep 06, 2019
Are you meeting the HITECH Act’s requirements?
Jul 25, 2019
5 ways healthcare organizations can secure employee smartphones
Jul 02, 2019
Does Your Health Care Organization Struggle With Risk Management?
Sep 23, 2018
What You Need to Know About Transmitting Patient Health Information
Jun 17, 2018
3 Ways You Can Prevent Employees from Selling Confidential Data
May 08, 2018
There is a Resource for That
Oct 19, 2017
Is Your Organization Ready to Respond to an Incident?
Sep 26, 2017
Best Training Ideas & Tools for Ensuring Security
Sep 18, 2017
The Wide Range of Information/Cybersecurity Responsibilities
Aug 07, 2017
Organizational Information/Cybersecurity: Who's in Charge?
Jul 27, 2017
Six Ways to Increase Cyber Security in the Health Care Industry
Jun 26, 2017
Webinars
Healthcare Connections: Healthcare Cybersecurity Compliance
May 18, 2021