HITRUST: Did You Know?—Part 4, Key HITRUST Statistics

If you’re an organization that needs to protect sensitive information but you’re outside of the healthcare industry, you might be wondering how HITRUST can help you reach your goals. The good news is, HITRUST is not only for healthcare organizations. Did you know about HITRUST’s ability to help businesses across industries reduce the time and effort needed to achieve security and compliance?

To better prepare organizations to begin or continue their compliance journey, the HITRUST Alliance recently released HITRUST: Did You Know?, a guide covering ten essential facts about HITRUST certification. We’re taking a deep dive into this guide in a four-part blog series so your organization has all the information about HITRUST. Read our first, second, and third blogs highlighting HITRUST’s assessments, risk assessment program, and certification across multiple standards. 

For our final blog in this series, we’ll take a look at a few key HITRUST statistics that demonstrate how the standard helps organizations of all industries and sizes protect customer data and mature their compliance posture with less time and effort. 

BARR is 1 of 9 firms in the U.S. eligible to perform audits against all three of the highest-regarded frameworks: ISO 27001, SOC 2, and HITRUST.

BARR offers a “test once, report many” approach to security and compliance—meaning your organization can achieve multiple reports with just one audit. For example, HITRUST can serve as a risk assessment for the ISO 27001 audit. If your organization has HITRUST in place, BARR can provide expert guidance and feedback on how to close any identified gaps prior to an ISO 27001 audit.

In addition, a HITRUST certification can help satisfy the requirements of a SOC 2 report. The AICPA’s trust services criteria align with the CSF criteria, which allows us to issue SOC 2 plus HITRUST in a collaborative reporting model. 

Organizations can reduce the time and effort needed to obtain a HITRUST certification by up to 85% with the HITRUST Shared Responsibility and Inheritance Program.

The HITRUST Shared Responsibility and Inheritance Program can help your organization save time and resources by identifying inheritable controls within the HITRUST CSF, streamlining the certification journey. 

The program also allows you to use already certified controls from internal shared IT services and external third-party organizations such as service providers, vendors, and cloud service providers (CSPs) like Amazon, Google, and Microsoft. This makes it easier for organizations to achieve information security certifications and helps boost their security posture.

HITRUST applies to organizations from all industries and of all sizes.

The HITRUST CSF is an information protection standard that organizations can use effectively across any industry—not just healthcare. The HITRUST CSF provides a consensus-driven standard of due care and diligence for protecting information. This includes:

• Electronic protected health information (ePHI)
• Personally identifiable information (PII)
• Payment card data
• Proprietary information
• Other sensitive information

Because HITRUST offers a portfolio of validated assessment options based on complexity and risk profile, it also can be used for organizations of any size. In fact, the certifications are broadly considered the gold standard due to their rigorous, comprehensive, and effective approach.

For more information on attaining HITRUST certification for your organization, contact BARR. We’ll have a HITRUST specialist ready to chat with you within 24 hours.