Skip to content
 

Sequential Tech, a leading business process outsourcing (BPO) provider, successfully leveraged existing compliance efforts to streamline its journey toward dual HITRUST certifications. The organization pursued HITRUST e1 as a steppingstone to i1 and strengthened its cybersecurity posture, gained a competitive edge, and expanded market opportunities.

This success story highlights how the company balanced multiple compliance demands, overcame challenges, and unlocked new growth through strategic cybersecurity.

Background

Sequential Tech maintained a strong compliance focus, initially driven by the need for PCI (Payment Card Industry) as it handled sensitive cardholder data. As the company grew, its ambition to expand in multiple sectors grew. Sequential Tech was looking to penetrate the healthcare market, but that meant meeting the demands of rigorous security standards beyond PCI and earning the trust of stakeholders.

Challenges

The healthcare industry handles a lot of sensitive information. It is a complex industry with multiple third-party vendors sharing and managing data. Sequential Tech realized that it’s important to earn the trust of stakeholders and meet client expectations to expand in healthcare.

Sequential Tech had PCI compliance, but it quickly understood that the healthcare market required a more comprehensive security framework and assurance. PCI could not fully address the healthcare sector’s unique requirements. The organization also struggled with balancing and meeting the requirements of multiple standards, including HIPAA.

Achieving a HITRUST certification was the key to ensuring robust cybersecurity and opening doors to new business opportunities.

Preparation

Sequential Tech decided to pursue HITRUST certification to meet its dual goals of protecting sensitive data and entering the healthcare market with confidence. The company’s leadership realized that pursuing a HITRUST certification serves multiple business purposes, such as meeting regulatory requirements, boosting client trust, and enabling market expansion.

As the teams began their preparations, they learned about the launch of HITRUST e1 certification in early 2023. The HITRUST e1 leverages an essential set of 44 controls and offers quicker certification than other assessments. It focuses on the most critical cybersecurity measures.

Sequential Tech strategically decided to pursue the HITRUST e1 certification as it offered an ideal entry point. Moreover, it enabled an efficient and streamlined approach toward the HITRUST i1 certification, positioning the company for future growth.

HITRUST e1 certification journey

The teams at Sequential Tech had implemented good security hygiene measures. They leveraged this along with their PCI compliance efforts to fast-track and streamline their e1 certification journey. HITRUST’s assessment platform, MyCSF, and a readiness assessment indicated that they were 90% on their way to getting an e1 certification.

“Achieving HITRUST certification has given us the credibility and assurance we needed to enter the healthcare market with confidence. It allows us to demonstrate our commitment to security and compliance in a way that resonates with clients and sets us apart from competitors.”

– Marc Ennico, Director of GRC, Sequential Tech

The compliance and IT teams worked together to prepare the necessary documentation and evidence for the assessment. They ensured that all security measures were in place. Within three months, they achieved the HITRUST e1 certification and leveraged it to gain a trusted entry into the healthcare industry.

Moving beyond e1: HITRUST i1 certification

Sequential Tech quickly moved forward with its plans for HITRUST i1 certification after earning the e1 certification. It decided to advance based on market demands and the organization’s internal goals. The i1 certification would deepen its security capabilities to mitigate risk and provide a competitive edge in winning healthcare clients who value or require a higher level of security and stronger assurance. It would also help the organization manage risks while working with suppliers and third-party vendors.

The organization was navigating multiple regulatory compliance demands while pursuing HITRUST for its core risk mitigations and market value. It realized it could ultimately streamline other compliance efforts by focusing on implementing HITRUST controls and doing security right. This approach was possible as the HITRUST framework harmonizes over 50 standards, reducing the overall burden of compliance.

“The success of our HITRUST journey was driven by strong leadership support and a committed team effort. Each team member played a crucial role, bringing their expertise and dedication to overcome challenges and achieve our certification goals.”

– Marc Ennico, Director of GRC, Sequential Tech

Sequential Tech navigated the HITRUST certification journey efficiently as it was backed by strong executive support and internal expertise from HITRUST-certified auditors. Cross-functional collaboration between IT, compliance, and project management teams ensured necessary resources were in place.

The process involved revisiting and strengthening existing security measures, ensuring that controls had matured and aligned with the more rigorous requirements of the i1 certification. Weekly readouts to the executive team helped maintain focus. Internal recognition programs boosted team morale, fostering a sense of collective responsibility and achievement.

Moving from e1 to i1 was streamlined as all the 44 e1 controls overlap with the 182 i1 controls that represent leading security practices used around the world. Sequential Tech reduced redundancy, saved time, minimized costs, and optimized resources to achieve the HITRUST i1 certification.

Results and impact

Sequential Tech leveraged its existing work to avoid duplicating efforts and focus on continuous improvement, rather than starting from scratch.

The results of achieving both HITRUST e1 and i1 certifications were transformative. e1 enabled the organization to enter the healthcare market more quickly and offered a significant advantage in conversations with potential clients. The i1 certification further solidified its position, enhancing client trust and opening the door to more complex projects in the healthcare sector.

Sequential Tech enhanced its security posture and earned strategic advantages with HITRUST certifications. It is now a critical selling point, enabling the company to compete at a higher level and be a differentiator in the market. The certifications have expanded Sequential Tech’s market opportunities, positioning it as a trusted, security-focused provider in industries that demand the highest levels of data protection.

Lessons learned and best practices

Sequential Tech’s journey offers valuable lessons for other organizations considering HITRUST certification.

  • One key takeaway is organizations with solid security fundamentals and specialized requirements, such as PCI, are often well-positioned to achieve HITRUST certification.
  • One of the best practices is fostering cross-functional collaboration and ensuring strong executive support.
  • The final takeaway is recognizing the maneuverability of the HITRUST portfolio. Moving from one assessment type to another can help ensure a smoother, quicker certification process.

Strategic cybersecurity offers significant business advantages. Invest in robust security measures and leverage existing frameworks to meet multiple regulatory requirements and unlock new opportunities with HITRUST.

<< Back to all Case Studies Next Case Study >>

Subscribe to get updates,
news, and industry information.

Chat

Chat Now

This is where you can start a live chat with a member of our team