Karen Johnston is Wipfli’s national Digital Health industry leader.  With over 25 years of experience, she works closely with technology companies to drive innovation and improve how her clients get things done. As the leader of our HITRUST, ISO, and HIPAA service lines, Karen is also responsible for the security and privacy engagements by successfully guiding organizations through their compliance challenges. She believes in fostering collaborative partnerships and the power of meaningful connections.  Most recently, she's worked on developing services to meet her clients' AI compliance needs related to security, privacy and risk.

Karen spearheaded the international integration of our Risk Advisory Services teams outside the US. Over the past five years, Wipfli has transitioned from utilizing our team in India for task-oriented roles to having them lead engagements and manage continuous client-facing work. This strategic shift has enabled Wipfli to expand its team during periods of resource constraints and effectively meet fluctuating client demands throughout the year.

Specializations

• HITRUST Assessments
• ISO 27001, 27701 and 27017
• SOC 1 and SOC 2 examinations 
• HIPAA Risk Assessments
• Internal control assessments
• Internal audits
• Information technology (IT) audits
• IT governance

Professional memberships and activities

• HITRUST Alliance Assessor Council
• PACT (Philadelphia Alliance for Capital and Technology Healthcare Advisory Board
• The Institute of Internal Auditors (IIA) - Member
• Information Systems Audit and Control Association (ISACA) - Member
• Mother Teresa Regional Board of Limited Jurisdiction - Board Member