The healthcare industry is the top target for cybercriminals. Not only is the number of data breaches increasing, but the number of records breached is also on the rise. In 2022, 51.9 million records were breached. In 2023, that number rose to 168 million, according to the HIPAA Journal.
What does this have to do with HITRUST certification?
Everything.
HITRUST stands for Health Information Trust Alliance. This standards organization developed the HITRUST Common Security Framework (CSF). This framework combines best-in-class security controls and risk management from HIPAA, NIST, ISO, and PCI, embedding them all into its comprehensive security and privacy program. The framework includes 1,800 security controls, and the organization offers HITRUST certification services.
Becoming HITRUST certified and requiring your third-party vendors to do the same translates to the highest standards in privacy and security practices for electronic protected health information (ePHI). According to the NCC Group, over 80% of hospitals and health plans have implemented the HITRUST CSF as the basis or resource for their security program, making it the most widely used framework in the healthcare industry.
Because of our commitment to the highest levels of security and safeguarding sensitive patient information, notifyMD® became the first telephone answering service to be HITRUST certified. Achieving the gold standard in health information privacy and security ensures stringent compliance with HITRUST's extensive risk management practices.
To achieve this, we became r2 HITRUST certified. This two-year validated assessment represents the highest information protection and compliance assurance level and is the most comprehensive option in the organization’s HITRUST certification services. It ensures robust cybersecurity practices and tailored controls that cover the risk and compliance factors specific to an organization, and it demonstrates that notifyMD® meets the most demanding information risk assessments.
Medical practices and hospitals request third-party r2 assessments from providers involved with ePHI and other sensitive data, as well as those deemed high-risk. This practice ensures your business partners and providers understand the cybersecurity protection and compliance standards required in today’s environment.
HITRUST’s 2025 Trust Report demonstrated the organization’s ability to reduce cyber risks. HITRUST-certified companies reported a 0.59% incident rate in 2024. That means about 99.4% did not experience a breach, an astounding record in light of the current cyberattack rates.
This report also acknowledges that the HITRUST cyber threat-adaptive framework guards healthcare providers against the latest threats. As the cyberattack landscape transforms, it’s essential to stay updated on the latest tactics used by cybercriminals.
Partnering with a medical answering service without HITRUST certification leaves you at greater risk of potential data breaches, the result of which can be devastating. From lost revenue to extensive fines and diminished patient trust, successful cyberattacks can lead to severe repercussions.
Maintaining HITRUST healthcare standards ensures your patients’ sensitive data is secure and protected against breaches. To accomplish this, we perform the following security controls.
By managing compliance, reducing risk, and upholding the strictest cybersecurity procedures as defined by HITRUST, you can be confident in our HIPAA-compliant security protocols.