HITRUST
 | This article needs additional citations for verification. (May 2019) |
| Company type | Private |
|---|---|
| Industry | Health information technology |
| Founded | 2007 in Frisco, Texas, U.S. |
| Founder | Daniel Nutkis |
| Headquarters | Frisco, Texas , U.S. |
Key people | |
| Parent | Brighton Park Capital |
| Website | hitrustalliance |
HITRUST is a for-profit company headquartered in Frisco, Texas, United States. As of April 2025, the company is primarily owned by the private equity firm Brighton Park Capital. HITRUST is led by Daniel S. Nutkis, who currently serves as Chief Executive Officer. Nutkis was previously the sole owner of the company before the transition in ownership.
HITRUST was established in collaboration with stakeholders from the healthcare, technology, and information security sectors to create the HITRUST CSF. According to the company, the CSF is a comprehensive, prescriptive, and certifiable framework designed to be used by organizations that create, access, store, or exchange sensitive or regulated data.
The HITRUST CSF
[edit]The HITRUST CSF is a prescriptive set of controls designed to address the requirements of multiple regulatory standards and frameworks. Developed by HITRUST in collaboration with healthcare, technology, and information security stakeholders, the framework aims to streamline compliance efforts across a range of industries. [1] [2][3] Developed by HITRUST in collaboration with healthcare, technology, and information security stakeholders.
HITRUST CSF has garnered criticism for being "cumbersome, expensive, arbitrary, unnecessarily complex", and using "outdated data".[4][3]
Current version 11.5 of the HITRUST Framework (HITRUST CSF).
Board of Directors
[edit]Source:[5]
HITRUST is led by a management team and governed by a Board of Directors made up of leaders from across a variety of industry. These leaders represent the governance of the organization, but other founders also comprise the leadership.
The Board Members are:
- Daniel S. Nutkis - Chief Executive Officer, HITRUST
- Robert Booker - Chief Strategy Officer, HITRUST
- Pamela Arora - President and Chief Executive Officer, AAMI
- Caroline Budde - Associate General Counsel, Digital & Data Assets, McKesson
- Dr. Kevin Charest - Chief Information Security Officer, Accumulus Synergy
- George DeCesare, JD - Senior Vice President, Chief Technology Risk Officer, Kaiser Permanente
- Kimberly Gray, Esq - CIPP Chief Privacy Officer, Global, IQVIA
- Omar Khawaja - Vice President, Security, and Field Chief Information Security Officer, Databricks
- Stirling Martin - Senior Vice President, Epic and President, Epic Hosting
- Roy R. Mellinger - Senior Vice President, Security, Privacy, IT Risk and Compliance and Global Chief Information Security Officer, Aimbridge Hospitality
- Aman Raheja - Chief Information Security Officer, HP Enterprise
References
[edit]- ^ Bosworth, Seymour; Kabay, M. E.; Whyne, Eric (2014). Computer Security Handbook, Set. John Wiley & Sons. ISBN 9781118851746. Retrieved 16 May 2019.
- ^ Snedaker, Susan (2013). Business Continuity and Disaster Recovery Planning for IT Professionals. Newnes. ISBN 9780124114517. Retrieved 17 May 2019.
- ^ a b Schreider, Tari (2017). Building Effective Cybersecurity Programs: A Security Manager's Handbook. Rothstein Publishing. ISBN 9781944480509. Retrieved 16 May 2019.
- ^ "Delaware Health Information Network Pursues HITRUST Certification". www.govtech.com. Retrieved 20 August 2019.
In an open letter to the HITRUST Alliance written and posted to LinkedIn last year, a network security professional named Kamal Govindaswamy questioned the usefulness of the HITRUST CSF, describing it as "cumbersome, expensive, arbitrary, unnecessarily complex" and using "outdated data."
- ^ https://hitrustalliance.net/board-of-directors