HITRUST Compliance: Our Commitment to Your Data Security


Did you know that a cyber attack happens every 39 seconds? This disturbing fact illustrates why earning HITRUST CSF® Certification is such an important accomplishment for Phoenix Innovate (PI).

A study done by the Clark School at the University of Maryland proved that hackers attacked Internet-connected computers and devices every 39 seconds. That amounted to at least 2,244 hacking attempts per day. When one leaves the confines of that controlled study and enters the business world, those numbers skyrocket. Hackers spend nearly every minute of every day targeting all types of companies and industries. Our HITRUST CSF® Certification is the recognized symbol of excellence that has been bestowed upon our security threat protection processes.

For more than 15 years, our team has safely and securely managed our clients' data. Since our organization prides itself on being very process-oriented, we see the value in attaining outside certification to demonstrate the level of quality in our approach.

Since data handling is an important component of our client services, we wanted to find an organization that offered the highest level of validity in assessing the security threat processes for electronically protected data. Through our extensive research, our team discovered HITRUST, the nationally recognized standard for the highest level of integrity in its certification process.

What is HITRUST?

HITRUST stands for the Health Information Trust Alliance. The organization and its highly respected certification program were founded in 2007 as a response to increased needs for data security in the marketplace. It was designed by taking the requirements from multiple reporting agencies and synthesizing them into one set of protections that is clear and consistent.

To be as specific as it can about data protection, HITRUST gathers 46 control objectives and groups them into 14 control categories. From there, three implementation levels are laid out according to risk factor. Each company seeking certification must follow a total of 845 guidelines to earn it. The result is a common security framework for risk management and a way to streamline protocols, regulations and checks and balances.

“The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources organizations globally that need to be certain of their data protection compliance.” — HITRUST Board 

Certification is a Strict Process

More than 84% of health plans and organizations use the HITRUST CSF, but very few business associates take the extra steps to achieve the certification. Even fewer of those associates are marketing agencies. PI believes that all business data deserves to be protected, which is why we were eager to go through HITRUST’s long and rigorous certification process. It took us nearly two years and hundreds of hours working with the HITRUST certification board to complete this goal, and it was well worth our time and effort.

The certification process begins with a comprehensive internal audit where we identified each potential threat to our data’s security and enacted checks and balances to protect that data. A third-party verification made sure we didn’t miss any weak links. After that, the common security framework representatives conducted their own review of our risk management. Compliance officers examined every step of our data reporting and management over the course of several visits to our office and warehouse. We then dedicated many months to proving our compliance by showing that our policies were effective against potential data breaches and hacking. 

Finally, after validation by the assessors, we earned our HITRUST compliance certification in February 2022.

What HITRUST Compliance Means for Our Clients

This certification is a recognized and highly respected benchmark for so many industries. Having gone through the process of earning it shows our clients and prospective clients that our data security processes for key implemented systems meet the regulations and industry-defined requirements. That means PI can be trusted to handle their important and sensitive information.

When many people think of HITRUST Certification, they think of the Health Insurance Portability and Accountability Act (HIPAA) regulations. This makes sense because healthcare information is extremely sensitive and it must be protected now more than ever. This industry has had far too many costly data breaches. For example, healthcare data violations exposed more than 41 million individual patient records in 2019. Several of the largest and most dangerous breaches happened to business associates such as direct mail companies. These incidents put service providers at risk of losing millions of dollars through fines, lost revenue and a severely damaged reputation.

PI continues to provide marketing services to insurance providers and other companies in the healthcare industry. Our team has always understood the importance of protecting HIPAA data from the possibility of breaches and we’ve always done right by our clients. While we will continue to serve healthcare industry clients as a HITRUST-certified company, it’s very important to note that this certification actually applies to ALL sensitive data in ALL industries. The PI team will continue to live up to the principles and practices of HITRUST’s guidelines by giving every client the utmost data protection. 

Protocols Give Everyone Peace of Mind

Criminals keep coming up with increasingly sophisticated methods of data hacking. To prevent them from compromising our clients’ information, we continue to adhere to our HITRUST protocols, which are the strictest in the industry. This makes sure we’re staying ahead of the hackers. In doing so, we can assure our clients that their data is protected, secure and compliant with all state, federal and international security requirements. The peace of mind this offers is nearly priceless.

John Holloway

Vice President – IT Infrastructure & Security

Phoenix Innovate
