This week Drummond Group will be in Grapevine, Texas for the HITRUST 2018 Annual Conference. It is the only event dedicated to exploring all aspects of risk management, information security, privacy, and utilization of the HITRUST CSF and HITRUST CSF Assurance Program.

Prior to the conference, HITRUST announced that prominent Chief Information Security Officers (CISOs) from leading health systems and providers throughout the country have come together to establish the Provider Third Party Risk Management Council to develop, recommend, and promote a series of practices to effectively manage their information security-related risks in their supply chain and to safeguard patient safety and information. The organizations on the council have each independently decided to require their third-party vendors to become HITRUST CSF Certified.

The founding member organizations for the Provider Third Party Risk Management Council include institutions like the Allegheny Health Network, Cleveland Clinic, University of Rochester Medical Center, UPMC, Vanderbilt University Medical Center, and Wellforce/Tufts University. This reinforces the broad acceptance of HITRUST CSF Certification as the de facto certification in the healthcare industry.

Obtaining HITRUST CSF Certification is important for your organization, because it

  • Lowers your risk and evaluate your security against an industry standard framework
  • Eliminates the need to send out responses to numerous security questionnaires to your clients
  • Ensures compliance with Federal HIPAA regulations, and numerous State regulations (California, Texas, Nevada, New York, and Massachusetts)
  • Certification is mandated by payors such as United Healthcare, Humana, and Blue Cross/Blue Shield
  • Can be costly to your organization to be non-compliant with Federal and State regulations

If you would like to discuss how you can become HITRUST CSF Certified, please contact Ken Rowe, HITRUST Business Unit Leader, at, or come see us at our booth at the Conference.