The Importance of HITRUST in Building Trust in Healthcare
By Kevin Heineman, Chief Information Security Officer, Lyric
In today's digital, interconnected data supply chain, healthcare organizations are facing increasing challenges in safeguarding sensitive patient data against cyber threats. The industry is continuously targeted with phishing, ransomware, and other malicious attacks, and these attacks continue to increase year over year. According to the Office of Civil Rights, the number of healthcare records breached surged 146% to 133 million records from 2022 to 2023. With several high-profile breaches in 2024, this number is expected to be significantly higher by the end of the year. Furthermore, the average cost of a healthcare data breach has grown to $10 million in 2024—twice the average of all other industries. These statistics underscore the need for comprehensive data security measures to protect sensitive information.
While there are many controls, frameworks, and approaches that this article could focus on to build out a comprehensive cyber program, we will specifically address the role of compliance in an effective cyber program: improving the effectiveness of cybersecurity through the HITRUST CSF framework.
The Health Information Trust Alliance (HITRUST) provides a framework designed to help organizations effectively manage data security and compliance. The HITRUST Common Security Framework® (CSF) integrates over 50 different regulations and standards, including HIPAA, NIST, SOC 2, PCI DSS, and ISO, creating a comprehensive model for managing cybersecurity risks. HITRUST offers several different certifications to fit different organization types and sizes. In the most rigorous certification, HITRUST r2, the “r” stands for “risk” and the “2” indicates the certification is good for 2 years (an interim assessment is required after year 1).
HITRUST r2 certification signifies that an organization has implemented, maintained, and can demonstrate a robust set of security controls aligned with industry best practices. This certification process involves a thorough evaluation of an organization's policies, procedures, and technological safeguards, ensuring that they meet the stringent requirements of the HITRUST CSF across 19 cybersecurity domains.
Healthcare organizations often have complex data supply chains and must collaborate with several partners and vendors to achieve their business objectives. A HITRUST r2 certification streamlines due diligence processes when forming new partnerships by providing assurances that the sensitive data that is being shared will be protected with industry best practices. In other words, HITRUST certification establishes a shared commitment to data security and protection. For example, a healthcare organization with HITRUST certification can assure its partners that it adheres to high standards of security, making it an attractive collaborator in an increasingly interconnected industry. This not only strengthens existing partnerships but also opens doors for new opportunities.
In a competitive market, having HITRUST r2 certification can also set organizations apart. With so many healthcare providers vying to be part of the data supply chain, organizations that have achieved HITRUST r2 can showcase a commitment to data security, which can be a deciding factor over organizations that have not. A robust cybersecurity posture, evidenced by HITRUST certification, positions organizations as leaders in the field.
Lyric is proud to have achieved HITRUST r2 certification for our market-leading pre-pay editing solution ClaimsXten®. It sends a clear message to our valued customers and partners that we are committed to security, privacy, and compliance. In a time when healthcare organizations face significant cyber threats, achieving HITRUST r2 certification helps us bolster our cybersecurity posture while helping health plans unlock value and improve results across their payment integrity chain.
About Lyric
Lyric, formerly ClaimsXten, is a leading AI healthcare technology company, committed to simplifying the business of care. Over 30 years of experience, dedicated, expert teams, and top technologies help deliver up to $14 billion of annual savings to our many loyal and valued customers—including 9 of the top 10 payers across the country. Lyric’s solutions leverage the power of machine learning, AI, and predictive analytics to empower health plan payers with pathways to increased accuracy and efficiency, while maximizing value and savings. Lyric is investing in AI-driven technology to ease implementation and speed to value for customer savings, while offering enhanced and newly available solutions through internal product development and strategic partnerships, including recently announced partnerships with Concert Genetics, Autonomize AI, and now, Codoxo. Discover more at Lyric.ai.