HITRUST has launched a program to help startup companies accelerate adoption of services and practices to ensure information security.
The organization—a coalition of industry stakeholders collaborating to better secure protected health information—wants emerging companies to take on best practices such as risk management, compliance, and privacy and security services.
HITRUST, which also is an accreditation organization, is working with the small businesses to ensure privacy and security are core tenets of new business operations.
“The RightStart Program gives us the ability to adopt a security framework that will scale with our organization and provide brand name peace of mind to our customers, partners and investors,” says Hoala Greevy, CEO at Paubox, an email encryption firm and early adopter of the service.
HITRUST is focusing on startups that have been in business for less than three years, have fewer than 50 employees, and generate less than $10 million in annual revenue.
The program is a scaled-down version of HITRUST’s core services, starting with the HITRUST CSF privacy and security framework that is continuously evolving with the changing cyber landscape.
CSF enables startups and other organizations to perform assessments and compare results against privacy and security controls, as well as multiple other controls, such as the NIST Cybersecurity Framework, HIPAA requirements and the European GDPR.
“Navigating risk management and compliance requirements can be costly, a strain on internal resources and daunting for any company, but it can be compounded in startups that are focusing on their vision to market,” says Mike Parisi, vice president at HITRUST. “The Right Start program will ensure dedicated programs managing risk, compliance, security and privacy are foundational practices within a startup by embedding these security standards into their evolving business models.”