HITRUST Collaborate 2023 came to a close on October 5. With more than 35 sessions and over 400 attendees, the 2.5-day conference provided an excellent opportunity to learn from experts and network with professionals. Collaborate was back in person after four years, enabling attendees to interact face-to-face.
The event brought together many organizations to discuss the latest trends and approaches in security, compliance, and risk management. From tech giants, including Amazon, Google, and Microsoft, to major healthcare organizations such as Humana and UPMC, experts from different industries made the conference insightful.
Here are five quick takeaways from HITRUST Collaborate 2023.
1. Stay updated to manage security with AI.
From enhancing cybersecurity to establishing customer relationships, more and more organizations are embracing AI. AI can help customize privacy preferences and ensure compliance with varied data protection regulations. It can also be used by attackers to carry out convincing phishing or targeted social engineering attacks. Organizations must be ready and vigilant. Understanding the need, HITRUST is working to build mechanisms and make AI trustworthy. The HITRUST AI Assurance Program is the first and only system focused on achieving and sharing cybersecurity control assurances for Generative AI and other emerging AI applications.
2. Transform security and compliance with the cloud.
You know that the cloud has changed the way businesses function by allowing them to work more quickly and efficiently. The cloud has disrupted security as well as compliance. It enables companies to automate security operations, reducing the risk of human error. The benefits of the cloud do not stop there. If you work with cloud service providers (CSPs) or other vendors who have HITRUST certification, it can help you achieve your certification faster and more easily. The HITRUST Shared Responsibility and Inheritance Program allows organizations to inherit up to 85% of requirements in a HITRUST assessment from participating CSPs.
3. Seek solutions for effective third-party risk management (TPRM).
Third-party cyber risk has been a daunting challenge for organizations. Organizations use questionnaires as a tool to evaluate third-party cyber risks, though forms are often tedious and ineffective. Vendors do not give clear answers backed by evidence, leading to confusion and miscommunication. TPRM processes should not be about collecting evidence but evaluating risk. Simply talking with your vendors clearly and following new approaches can help make TPRM efficient. Healthcare industry leaders are working towards this mission through the Health 3rd Party Trust (Health3PT) Initiative.
4. Manage and maintain cyber insurance.
According to an S&P Global Ratings report, annual cyber insurance premiums touched $12 billion in 2022 and are expected to reach $23 billion by 2025. Cyber insurance providers are making great strides in increasing the consistency and transparency of underwriting procedures for cyber insurance policies. If your organization is seeking cyber insurance, you must demonstrate cyber maturity to your underwriters. Being threat-adaptive and proving that you stay updated with continually changing control categories can make a significant difference. Quantify your risks to assess how much coverage you need. Once the policy is issued, involve your insurance provider to keep your organization prepared.
5. Streamline compliance process.
Do audits scare you? It’s time to change your approach. Think of an audit as an opportunity instead of a burden. Use policies and audits to drive initiatives and make strategic decisions. Implement continuous monitoring programs to stay compliant. Providing the same evidence repeatedly to comply with different frameworks can be frustrating. The HITRUST CSF consolidates multiple authoritative sources, enabling organizations to achieve compliance with several frameworks with a single audit.
HITRUST Collaborate 2023 covered the latest in security, compliance, and risk management. Whether you attended this year or not, plan to attend next year to enjoy the latest information and innovations, as well as an exciting speaker lineup. See you next year!