Richard Rieben is a Partner and HITRUST practice lead at Linford & Co., where he leads audits and assessments covering various frameworks including HITRUST, SOC, CMMC, and NIST. With over 20 years of experience in IT and cybersecurity and various certifications including PMP, CISSP, CCSFP, GSNA, and CASP+, Richard is skilled in helping growing organizations achieve their information security and compliance goals. He holds a Bachelor of Science in Business Management and an MBA from Western Governors University.
Large Language Models (LLMs) and Generative AI are cutting-edge technologies in the field of artificial intelligence that are rapidly evolving in the business landscape. LLMs are a subset of Generative AI, focusing specifically on language-related tasks. While related, LLMs refer to AI systems capable of understanding and generating human-like text based on large datasets. Generative […]
Over the past several years, the concept of Zero Trust has transitioned from an industry buzzword to a pillar of information security. In this blog post, we will break down what zero trust means in the industry, what the pillars of zero trust are, and how zero trust concepts impact auditing activities and other factors […]
When we engage with clients who are just starting their HITRUST adoption and certification journey, one of the first steps is a readiness assessment. In this article, we will cover the following topics: The various forms of readiness assessments and their characteristics. Challenges organizations face when they are performing a readiness assessment. Success factors which […]
What is HITRUST Certification? Founded in 2007, HITRUST issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF). An organization can obtain HITRUST certification when all the required controls are fully implemented within the scoped environment. The HITRUST CSF is designed for use by a variety of […]
Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]
After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]
Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]
“What is HITRUST?” is typically the first question asked by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but several years ago it rebranded to simply HITRUST to align with changes to the “framework,” making it industry agnostic. Is HITRUST a Framework? HITRUST is far more than a […]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA and SOC 2, the proposal suggests that those who are HITRUST compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what […]
In order to perform a HITRUST assessment, you must be able to score your organization’s control environment compliance with the HITRUST CSF Maturity Model. The maturity model is used for scoring both Self-Assessments and Validated Assessments (more info). Understanding how to use the HITRUST Maturity Model to accurately rate your controls’ compliance is critical as […]
