What is HITRUST certification and why does it matter?

HITRUST award symplr

HITRUST was founded in 2007 to help organizations prioritize security, manage data and compliance, and mitigate information risk. Today, it is one of the most rigorous and comprehensive security standards, established to safeguard sensitive data, especially in the critical realm of healthcare. The HITRUST Assurance Program includes U.S. federal and state regulations and incorporates a risk-based approach to help organizations address security challenges through a comprehensive and flexible framework of security controls. The certification encompasses the requirements of several other security regulations and frameworks, including HIPAA, SOC 2, NIST, and ISO 27001.

As cybersecurity concerns escalate in the healthcare industry, more provider organizations are demanding the highest level of security assurance that HITRUST certification provides. We are proud to have achieved HITRUST (r2) certification for three of our core products, in addition to several other security attestations including SOC 1 Type II and SOC 2 Type II as the standard for protecting healthcare customers’ data. Industry-wide adoption of security standards such as HITRUST aligns with our mission of unifying hospital operations and demonstrates our commitment to patient wellbeing and optimized outcomes. 

Benefits of HITRUST compliance and certification


Hospitals and healthcare organizations are home to vast troves of personal, sensitive data. As evident by recent global cyberattacks such as the MOVEit vulnerability in third-party software, organizations are increasingly vulnerable to potential cyberattacks and data breach. Cybersecurity is one of the top three threats CIOs face at healthcare organizations as found in symplr’s 2022 Compass Survey, and attention is only increasing as more organizations move to the cloud and regulatory protocols become more complex.

Security frameworks like HITRUST provide assurance that patients’ sensitive information is secure, while reducing risk of costly compliance and security violations. The process of HITRUST certification is challenging and expensive, but it is worth it for the assurance it provides to your organization, your partners, and your patients. Its blend of security and compliance mandates ensures that an organization’s information risk and compliance management programs are comprehensive and top-notch. 

HITRUST certification offers healthcare organizations additional benefits, including:

  • Simplifying future compliance management efforts
  • Providing security assurance to patients
  • Lowering your insurance premiums
  • Strengthening your organization’s reputation for security
  • Accelerating work with vendors and partners
  • Proving that you are HIPAA-compliant

Hospitals Struggle with Security


While many hospitals require HITRUST, many in the industry are yet to undertake the time-consuming certification process of meeting and maintaining HITRUST compliance. Providing top-notch technical and security support for healthcare organizations operating with tight resources in an increasingly complex environment is a significant challenge for most CIOs and security teams. 

symplr's HITRUST and robust security attestations represent a significant effort on the part of our team. We are committed to supporting healthcare organizations in keeping information safe and secure so clinicians can focus on their patients. As strategic partners and good stewards of healthcare organizations’ information, these efforts are to help extend hospitals' internal resources to support security best practices and shore up security to protect patient data and sensitive healthcare information. 

symplr earned HITRUST certification in information security for software applications including symplr Payer, symplr Contract Management and symplr Clinical Communications (with two of these recertifications). This adds to System and Organization Controls (SOC) attestation reports, which are another independently validated security and risk assessment framework highly desired by hospitals and health systems to ensure that partners and vendors have critical security controls in place. Our SOC 2 Type II attestation for symplr Clinical Communications, and SOC 1 Type II and SOC 2 Type II reports for symplr Talent Management, represent an additional stamp of approval in the security space. Our recent certifications and attestations reflect significant progress in our continuous journey to achieve the highest caliber of security assurances for customers

Learn more about symplr’s HITRUST certifications


Security management and the cloud 


New regulations are constantly being introduced to add protections as the world embraces cloud applications and Software as a Service (SaaS) technology. Vendors must step up because it can be difficult for organizations to ensure compliance with the latest SaaS security standards. The cloud does not have to be scary. Prioritizing security through SaaS initiatives with stringent security protocols built in at both ends—for example, at symplr and at the user’s point of access—represent security measures that are highly valued by healthcare customers and their Information Security teams.  

Recent events have made me fully appreciate our efforts in providing robust and transparent security at symplr and the payoffs of our commitment to information security. While organizations worldwide are reacting to the news of the global cyberattacks leveraging the MOVEit vulnerabilities, we were able to successfully complete an investigation to determine that the company and our services were not impacted, and controls were in place to appropriately mitigate future risk. The customer relief when fielding questions and communicating across teams was priceless. 

symplr’s meaningful investment in security is reducing the time needed for employees across the organization to respond to such security incidents, saving costs, protecting customers, and increasing the accuracy and level of confidence in security measures both internally and externally. The investment and effort are worth it. 

I’m proud to be part of the symplr Information Security team who have set the bar high for security management and I encourage everyone else to follow suit – we are in this together!



Request a Demo