• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

KPMG: Two-Third of Organizations Not Ready for HITRUST Standard

by Fred Pennic 10/11/2016 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

KPMG: Two-Third of Organizations Are Not Ready for HITRUST Standard

With all of the demands of protecting healthcare information, two-thirds of survey respondents said they are not prepared to comply with HITRUST standards governing cyber security and steps to keep patient records and medical information secure.  According to a survey of 604 healthcare industry professionals targeting vendors conducted by KPMG, half of those surveyed were “not ready” and 17.4 percent were in planning stages for a HITRUST (the Health Information Trust Alliance) CSF assessment – an internal control-based approach that allows organizations to proactively assess and demonstrate the measures they have taken to protect healthcare information.  

There is no legal requirement mandating that organizations comply with HITRUST standard or SOC 2 – a separate data protection standard set by the AICPA.  However, hackers and the high value placed on healthcare information have any organization that gathers patient records, medical billing or other protected healthcare information deeply concerned about its protection.  An increasing number of organizations want their partners and vendors to have HITRUST or SOC 2 verifications that healthcare information security standards are being met.

Regarding the progress that organizations have made to address HITRUST CSF requirements, only 7 percent said they are completely ready and 8 percent described their organization as “well along implementation.”  The remainder (17.4 percent) were in early stages of implementation.

When asked about staffing capabilities to meet this standard, 47 percent responded that they did not have the “right staff with the right level of skills to execute against the HITRUST CSF.” The survey found 53 percent did.   Respondents found that staffing (15 percent) was the biggest barrier to HITRUST CSF readiness, finishing ahead of cultural, technological, and financial concerns. More than a quarter (27 percent) pointed to all of those factors and 23 percent said “none of the above” were barriers.  

“An increasing number of healthcare organizations are requiring their vendors to demonstrate controls for securing PHI (protected health information) to manage their cyber and regulatory risks, especially since healthcare information is a rich target for hackers,” said Emily Frolick, third-party risk and assurance leader for KPMG’s Healthcare practice in a statement. “These vendors are able to accomplish this through a SOC 2® + HITRUST CSF examination or a HITRUST CSF Certification, both of which enable vendors to communicate their good faith effort to protect patient information.”

 “Neither is mandatory under current law, but the marketplace wants to reduce risks tied to cybersecurity with third-party assurances concerning their data protection efforts,” Frolick added.

 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

Digital Health Funding Q3 2025: Choppy Undercurrents Beneath a Steady Surface

Featured Interview

ConcertAI VP Shares View on AI Hallucinations and the Fabricated Data Crisis in Scientific Publishing

Most-Read

Qualtrics Acquires Press Ganey Forsta for $6.75B to Create the Most Comprehensive AI Experience Platform

Qualtrics Acquires Press Ganey Forsta for $6.75B to Create the Most Comprehensive AI Experience Platform

Pfizer and Trump Administration Announce Landmark Agreement to Lower Drug Costs

Pfizer and Trump Administration Announce Landmark Agreement to Lower Drug Costs

KLAS Report: Epic's Native Ambient Speech Tool Reshapes Customer AI Strategies

KLAS Report: Epic’s Native Ambient Speech Tool Reshapes Customer AI Strategies

Epic Unveils MyChart Central and New APIs to Advance Interoperability at Open@Epic

Epic Outlines Roadmap for Next-Generation Data Sharing at Open@Epic

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

RevSpring to Acquire Kyruus Health, Creating a Unified Patient Experience

RevSpring to Acquire Kyruus Health, Creating a Unified Patient Experience

Oracle Confirms Layoffs in Kansas City

Oracle Confirms Layoffs in Kansas City

Philips Future Health Index 2025: AI and Digital Tech Can Help Solve Cardiac Care Crisis

Philips Future Health Index 2025: AI and Digital Tech Can Help Solve Cardiac Care Crisis

Optain Health Secures $26M to Advance AI-Powered Retinal Screening

Optain Health Secures $26M for AI-Powered Retinal Screening

Sutter Health and Epic Launch "Sutter Sync" to Optimize Remote Chronic Care

Sutter Health and Epic Launch “Sutter Sync” to Optimize Remote Chronic Care

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Op-Ed Submission Guidelines
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |