< Back to Resource Library
Vidyard lightbox thumbnail

HealthData Talks: Understanding HITRUST

In this episode, Dan Kompare explains the HITRUST CSF® security framework and the everyday task of keeping data secure.


You can subscribe to the HealthData Talks Podcast on SpotifyAmazon MusicApple Podcasts and more.


Key Moments

(0:50) The conversation kicks off with an overview of HITRUST – a security framework – and why it’s important.

(1:45) Larkin mentions HIPAA and how HITRUST differs since it is a framework, not a law. She asks Kompare to elaborate on the HITRUST certification process.

(2:48) Kompare discusses the two types of assessments within HITRUST certification – r2 and i1. Additionally, he covers the main components of certification: security processes, number of controls, in-person audits, and maturity scores.

(4:08) Kompare elaborates on the range of controls you can meet in the HITRUST framework, which varies by organization depending on their needs.

(5:25) Larkin and Kompare discuss the resources it requires to achieve HITRUST certification and recertification. HITRUST takes more resources than just the IT department. It is an ongoing effort for the entire company which is put into practice every day.

(7:54) Larkin asks Kompare to explain the difference between SOC and HITRUST certifications. He explains that both are great security certifications, however, HITRUST was born out of HIPAA and is directly for the healthcare sector.

(9:17) HITRUST certification may require a lot of resources but the return on investment is high. Kompare details how improving security posture and reducing risk will always provide a return. The framework gives a sense of confidence and methodology to follow when it comes to security.



Shannon Larkin, VP of Marketing and Business Development at Harmony Healthcare IT, utilizes her 25+ years of health IT experience to connect healthcare organizations with a team of experts that consolidate and modernize data storage to reduce cost and risk.

Dan Kompare,
VP of Information Systems, has over 20 years of experience in information technology with a specialty in data integration and work in bioinformatics and EHR system design. Today, Dan leads the Harmony Healthcare IT Infrastructure and Support teams, focusing on the customer experience and providing technical solutions to improve the patient care experience.


Related Resource Links

Explore data archiving

Learn more about the differences between HITRUST and HIPAA

Read our Security Focus Whitepaper


Follow Us

LinkedIn: @Harmony Healthcare IT, the Makers of HealthData Archiver®

Twitter: @HarmonyHit

Was the Resource Helpful?

Talk to the experts. Harmony Healthcare IT is an award-winning data management firm with a proven ability to extract, migrate and archive data with 100% integrity.

Black Book 2022 Logo
First Name *
Last Name *
Email *