
Compliance in healthcare: The HITRUST framework

By Philip Jones
May 13, 2022

In our ever-expanding digital world, healthcare organizations have become increasingly dependent on technology to keep up with evolving consumer needs. Just one example is the heightened reliance on telehealth solutions prompted by the pandemic. This trend has changed the future of our healthcare infrastructure, requiring leaders to make new investments and consider all the risks of scaling mission-critical systems.


Of course, one of the biggest risks exacerbated by this increase in digital investment over the past few years is cyberattacks, specifically those focused on patient data. There have been more than 350 cyberattacks on healthcare organizations since June 2020, according to the CyberPeace Institute. Each attack exposed an average of 165,000 patient records and impacted the organization’s operations for nearly 20 days. The most common types of data exposed included patient names, addresses, social security numbers, patient health information and health insurance information.


With the rise in cyberattacks, healthcare leaders have explored various solutions to protect their institutions from digital disruption, including the Health Information Trust Alliance (HITRUST). HITRUST is an organization that created the HITRUST-Common Security Framework (CSF), which combines the rules of other existing industry frameworks, including HIPAA, NIST, ISO 27001 and more. HITRUST-CSF was created with the intent of consolidating these frameworks to address the number of security, privacy and regulatory challenges that healthcare organizations are facing.


How to become HITRUST-CSF certified

Any healthcare organization that manages sensitive information can look to HITRUST-CSF as a way to assess its security and compliance approaches. HITRUST-CSF certification is not mandated by any government entity. Rather, it covers various frameworks that are required by governments and thus has become a framework that many healthcare organizations rely on.


HITRUST-CSF is not structured around broad buckets like other security frameworks. Rather, it is divided into 19 different security domains focused on helping organizations achieve compliance. The framework is continually updated and scalable depending on the organization’s needs and size.


Organizations must reach a passing score in each of the 19 domains in order to achieve HITRUST certification. An organization’s scores are also evaluated against five maturity levels by measuring each control requirement and then scoring each level based on how well each control is executed.


There are three degrees of assurance, or assessment levels, that organizations need to complete to become HITRUST-CSF certified. These levels help determine the level of confidence that a healthcare organization meets the HITRUST-CSF requirements. Each level builds on the previous one; organizations with the highest level meet all the requirements to be HITRUST-CSF certified.


Why it’s important to become HITRUST-CSF certified

In healthcare, developing trust and a strong relationship between providers and patients is essential. HITRUST-certified organizations can assure their patients that their information and data are safeguarded against potential cyberattacks. In addition to establishing the trust of patients, there are several other reasons an organization should look to become HITRUST certified, including:


  1. Reduced risk: HITRUST gives organizations a holistic understanding of their data integrity posture, which enables them to address any risks and vulnerabilities — ultimately reducing the potential for future problems.
  2. Industry-leading benchmark: Because HITRUST-CSF is the leading standard for data security in the healthcare industry, completing certification will help further demonstrate that an organization is using best practices and effectively addressing requirements across many regulatory standards.
  3. Enhanced partnership opportunities: In many cases, healthcare organizations are required by their third-party partners to have robust cybersecurity programs in place. Because HITRUST-CSF is the most streamlined and all-encompassing framework, this helps to prove that an organization is focused on compliance, therefore helping to attract third-party partners and vendors.
  4. Competitive advantage: Being able to assure patients, providers, payers, vendors, commercial insurance brokers and other stakeholders that patient data is secure and protected can help better position almost any healthcare organization against its competitors.


The security of patient data has become of utmost importance for healthcare organizations. Although the HITRUST certification process is not easy, the benefits of receiving certification are significant. Your organization will be able to assess IT risk and adjust as needed in order to protect both the enterprise and patient data. Being able to demonstrate compliance adds a layer of assurance for every member of the healthcare value chain that knows patient data is protected by an organization that meets all recommended security requirements.


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.


Philip Jones is a Privacy Leader, Director of Security, Chief Security Architect, and Data Privacy Officer (DPO) with a Master Level Security and is in the process of achieving his Fellowship in Privacy (FIP) certification. Phil has built multiple privacy programs ranging from startups to major international organizations. He has guided multiple boards of directors through tough and complex compliance with security and privacy regulations. Prior to joining Mazars USA, Phil held several leadership roles in Privacy/GDPR, U.S. regulatory compliance, and Cybersecurity at both prestigious consulting firms and technology organizations, including U.S. Navy Intelligence, IBM and Booz Allen & Hamilton.
