< Back to Resource Library HealthData Talks: Understanding HITRUST In this episode, Dan Kompare explains the HITRUST CSF® security framework and the everyday task of keeping data secure. Subscribe You can subscribe to the HealthData Talks Podcast on Spotify, Amazon Music, Apple Podcasts and more. Key Moments (0:50) The conversation kicks off with an overview of HITRUST – a security framework – and why it’s important. (1:45) Larkin mentions HIPAA and how HITRUST differs since it is a framework, not a law. She asks Kompare to elaborate on the HITRUST certification process. (2:48) Kompare discusses the two types of assessments within HITRUST certification – r2 and i1. Additionally, he covers the main components of certification: security processes, number of controls, in-person audits, and maturity scores. (4:08) Kompare elaborates on the range of controls you can meet in the HITRUST framework, which varies by organization depending on their needs. (5:25) Larkin and Kompare discuss the resources it requires to achieve HITRUST certification and recertification. HITRUST takes more resources than just the IT department. It is an ongoing effort for the entire company which is put into practice every day. (7:54) Larkin asks Kompare to explain the difference between SOC and HITRUST certifications. He explains that both are great security certifications, however, HITRUST was born out of HIPAA and is directly for the healthcare sector. (9:17) HITRUST certification may require a lot of resources but the return on investment is high. Kompare details how improving security posture and reducing risk will always provide a return. The framework gives a sense of confidence and methodology to follow when it comes to security. Speakers Host: Shannon Larkin, VP of Marketing and Business Development at Harmony Healthcare IT, utilizes her 25+ years of health IT experience to connect healthcare organizations with a team of experts that consolidate and modernize data storage to reduce cost and risk. Guest: Dan Kompare, VP of Information Systems, has over 20 years of experience in information technology with a specialty in data integration and work in bioinformatics and EHR system design. Today, Dan leads the Harmony Healthcare IT Infrastructure and Support teams, focusing on the customer experience and providing technical solutions to improve the patient care experience. Related Resource Links Explore data archiving Learn more about the differences between HITRUST and HIPAA Read our Security Focus Whitepaper Follow Us LinkedIn: @Harmony Healthcare IT, the Makers of HealthData Archiver® Twitter: @HarmonyHit Suggested For You Webinar: Data Privacy & Security Best Practices for Hospitals & Clinics HealthData Talks: Applying AI to Health Data Revenue Integrity Show: Wind Down Legacy A/R and Set Your Organization up for Success HealthData Locker™ HealthData Talks: Security Best Practices Was the Resource Helpful? Talk to the experts. Harmony Healthcare IT is an award-winning data management firm with a proven ability to extract, migrate and archive data with 100% integrity. First Name * Last Name * Email *