HITRUST Newsletter June 2021

HITRUST Newsletter June 2021 600 444 Drummond Group
In this issue of Drummond’s HITRUST Newsletter:
  1. To Our Valued Customers and Partners
  2. Join Drummond’s Virtual Session at HITRUST CEP
  3. HITRUST V10 on track for Fall 2021 Release
  4. HITRUST: Organization is Key
To Our Valued Customers and Partners

The purpose of Drummond Group has been to be here for you, our valued clients. Our shared values of integrity, teamwork, customer service and innovation remain as strong today as Drummond’s inception in 1999.

With a focus on global interoperability software testing and certification in retail and consumer goods, Drummond’s founders built this company with a vision for all IT systems in the supply chain to have automated, secure and reliable interactions resulting in the complete modernization of electronic commerce. They foresaw the value of bringing similar interoperability and secure exchange of information for electronic healthcare records (EHRs) to the healthcare industry and later adopted testing and certification services for electronic prescription of controlled substances (EPCS), HITRUST CSF, Payment Card Industry (PCI) compliance and Patient Access API, to name a few.

Over the years, Drummond has grown to be a recognized leader in healthcare IT security, privacy and compliance. Throughout our expansion, we will admit there have been challenges. For instance, leadership and staff in our HITRUST practice include a recent changing of the guard, so to speak, but our values remain in our commitment to performing our work with our clients in a transparent, honest, and accountable manner. Our new HITRUST leadership team includes Doug Ochs, Vice President of Operations and HITRUST Practice Leader, a loyal and service-oriented professional who brings years of experience in health IT compliance services, and Mike Wion, Vice President, HITRUST Sales and Business Development, who’s also had an illustrious career in management of advanced information security functions and integrity of electronic assets, including overall best practices, advanced cyber defense and business continuity. As is the Drummond way, they are building a solid HITRUST team committed to overall customer loyalty and satisfaction.

We are fortunate to have you as new clients or to continue being deeply engaged with many of you over the last few years in providing the technology tools and services thousands of people depend upon in their daily lives around the world. We remain the company who values you, our clients, and are committed to helping each of you succeed by providing innovative solutions in highly collaborative settings. Our technology services in security, privacy and compliance are at the heart of so many important breakthroughs that have true global impact. The People of Drummond are here for you and we look forward to your continued partnership.

21stJoin Drummond’s Virtual Session at HITRUST CEP

Drummond Group would like to invite you to the newly redesigned virtual HITRUST Community Extension Program.


HITRUST has completely reconfigured these events based on feedback from the community. During these virtual events, participants will benefit from the opportunity to learn, engage, and chat with peers and HITRUST experts to discuss the challenges, best practices and lessons learned in effectively implementing a risk management program and improving cybersecurity practices by leveraging the HITRUST CSF, and other HITRUST programs.

Join us as we discuss “HITRUST vs. Other Information Security Programs” 

Presenter: Gila Pyke
Date: Wednesday, June 23
Time: 1-2 pm CT


HITRUST V10 on Track for Fall 2021 Release

HITRUST Common Security Framework (CSF) certifications are moving to increase adoption beyond the healthcare industry. With its upcoming Fall 2021 release, Version 10 is expected to move toward providing a general security framework with optional regulatory factors in multiple industries, including PCI, HIPAA and CMMC.

As the certification body for the NIST Cybersecurity Framework, HITRUST plans to add a certification option for organizations interested in third-party validated assessments to provide their clients extra measures of assurance.

Although comments for V10 will be open to the public soon, this version won’t be released until November at the earliest. This will be a great opportunity to comment on what you’d like to see improved, in case HITRUST hasn’t fixed it already. Drummond believes your hands-on experience with Version 9 can be valuable to the community at large! In addition,

  • If you’re planning to submit a validated assessment through the end of 2022, it is recommended your organization should remain in Version 9.x – don’t plan to move to V10 yet
  • If your organization is starting on the path toward validated assessment right now, start in Version 9.4, just in case.

Are you considering adopting the HITRUST CSF and need assistance with your certification and assessment strategy? Download our data sheet and become more familiar with what is required of HITRUST certifications, or email sales@drummondgroup.com

See related FAQs here. Or contact us to register for HITRUST certification services today!

HITRUST: Organization is Key

HITRUST CSF audits. Regulatory compliance. Validated assessments. These are just a few of the many items to consider when developing your company’s information security, risk and compliance program. To make it to the finish line, maintaining detailed organization is key.

Gila Pyke, Drummond Group’s HITRUST Advisory Practice Leader, compared getting companies set up for their HITRUST assessment to reorganizing a sock drawer. The analogy is a solid one: Having a bunch of colorful, quality, socks is great, but if your sock drawer is not organized efficiently, you run the risk of continually spending money on socks you don’t need.

HITRUST not only provides a harmonized framework of all the security controls customized for your unique environment, it also fosters growth by setting rigorous guardrails on how your security program must be documented, organized, and implemented. By the time you are done, your security and privacy program will be like a newly organized sock drawer: you will be able to point to the exact location of all items when you need them and everything will be matched up appropriately. This will enable your organization to confidently make strategic decisions or changes, much like swapping out your worn-out gym socks for brand new performance socks without having to shake up the whole drawer.

The People of Drummond are here to help you get those pieces in place every step of the way. Our HITRUST advisory and preparation services can help you identify gaps, select the tools you want to build and help you connect the dots between all your security and privacy policies, processes, and implementation.

Once everything is in order, the Drummond Advisory team will work with you to declare that you’re ready for your assessment. Our Validated Assessment team will take over and take an objective look at your program and prepare you for a realistic submission to HITRUST.

As your organization grows and matures, your needs will, too. Drummond’s 20+ years in security and compliance will help make sure that your company has its “socks,” or more importantly, all related assessment artifacts, in order. Reach out to the Drummond Advisory team today to get started on your HITRUST journey.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.