During the HIMSS Global Conference 2025 in Las Vegas, Sean Martin and Marco Ciappelli sat down with Ryan Patrick, Vice President of Adoption at HITRUST, for an insightful conversation about cybersecurity and risk management in healthcare. Rather than a traditional recap of the conference session, this discussion explores the critical role HITRUST plays in helping healthcare organizations navigate regulatory requirements, manage risk, and ensure patient safety through robust cybersecurity practices.
Bridging Regulation and Real-World Application
Ryan Patrick shared that HITRUST has spent over 17 years translating federal healthcare regulations into actionable frameworks for organizations. His role involves educating the market about HITRUST’s initiatives while continuously learning from industry feedback. This bi-directional exchange ensures that HITRUST’s frameworks and controls remain relevant and effective. Patrick emphasized the importance of HITRUST’s dynamic approach, highlighting that their framework is updated quarterly to address the latest cybersecurity threats. This frequency sets HITRUST apart from other frameworks like HIPAA, which, despite being nearly 30 years old, struggles to keep pace with modern challenges.
Real Results: 2025 Trust Report Highlights
One of the standout points of the conversation was the 2025 HITRUST Trust Report. The data is compelling—while roughly 45% of organizations reported breaches last year, less than 1% of HITRUST-certified environments experienced incidents. The 2025 report shows this number decreasing even further to 0.59%. According to Patrick, this success is driven by HITRUST’s focus on threat intelligence and its rigorous assurance mechanism, which goes beyond checkbox compliance to ensure controls are effective and actively reducing risk.
Addressing AI and Emerging Technologies
With AI being a hot topic at HIMSS, Patrick discussed HITRUST’s proactive approach to managing AI risks. In December 2024, HITRUST introduced an AI security certification designed to help organizations securely integrate AI technologies. This certification follows HITRUST’s established quality assurance model, offering the same level of scrutiny and validation as its other programs. Patrick likened the current AI landscape to the early days of cloud computing—initial uncertainty followed by widespread adoption, underscoring the need for secure practices as the technology matures.
Listen to the Full Conversation
This episode offers more than just surface-level insights. Ryan Patrick’s perspectives on risk management, the measurable success of HITRUST frameworks, and the thoughtful approach to AI in healthcare cybersecurity provide valuable takeaways for professionals looking to enhance their security posture. Tune in to the full episode for an in-depth look at how HITRUST is setting new standards in healthcare cybersecurity and what organizations can do to stay ahead of the curve.
Learn more about HITRUST: https://itspm.ag/itsphitweb
Note: This story contains promotional content. Learn more.
____________________________
Guest:
Ryan Patrick, Vice President of Adoption at HITRUST [@HITRUST]
On LinkedIn: https://www.linkedin.com/in/ryan-patrick-3699117a/
2025 TRUST REPORT
At HITRUST, we believe that we are building an assurance mechanism that organizations and their stakeholders can Trust. In a constantly shifting threat landscape and regulatory environment, our objective is to continue providing the assurances that organizations need to support their information compliance and security programs.
