HarmonyCares Sets New Security Standard with HITRUST r2 Certification

📊 Key Data
  • HITRUST r2 Certification Achieved: HarmonyCares has earned the rigorous HITRUST r2 certification, meeting over 385 specific security controls tailored to its risk profile.
  • Healthcare Breach Costs: The average cost of a single healthcare data breach has soared to nearly $11 million.
  • Industry-Wide Impact: Healthcare has accounted for over half of all data breaches in the last decade.
🎯 Expert Consensus

Experts view the HITRUST r2 certification as the gold standard for cybersecurity in healthcare, providing far greater assurance than baseline HIPAA compliance or self-assessments.

TROY, Mich. – May 19, 2026 – HarmonyCares, a national provider of in-home primary care for patients with complex health needs, has achieved the rigorous HITRUST r2 certification for its core healthcare applications and cloud infrastructure. The announcement signals a significant step in bolstering data security at a time when the healthcare industry remains a prime target for cyberattacks.

For patients receiving care in their homes, the assurance that their most sensitive personal health information is protected is paramount. This certification demonstrates that HarmonyCares is meeting some of the highest and most comprehensive standards for cybersecurity and information protection, validated through an independent, third-party assessment.

"HarmonyCares has been trusted for more than 30 years to deliver care in our patients' homes. Protecting our patients' data is foundational to the care we provide," said Jonathan D'Souza, Chief Technology Officer of HarmonyCares. "Achieving HITRUST r2 certification reflects our continued investment in secure technology infrastructure, rigorous data protection practices, and ongoing monitoring to ensure we safeguard the sensitive information entrusted to us by our patients, partners, and care teams."

The Gold Standard of Cybersecurity

While many healthcare organizations focus on meeting the baseline requirements of the Health Insurance Portability and Accountability Act (HIPAA), the HITRUST r2 certification represents a much higher bar. HIPAA dictates what information must be protected, but the HITRUST framework provides a detailed, prescriptive roadmap on how to protect it. The Risk-based, 2-year (r2) Validated Assessment is widely considered the gold standard in the industry due to its depth and comprehensiveness.

The framework harmonizes more than 60 different security and privacy regulations and standards—including HIPAA, NIST, ISO, and GDPR—into a single, auditable control set. This allows an organization to be assessed once and report compliance across multiple frameworks. The r2 certification process is particularly demanding, evaluating an organization's controls against five maturity levels: policy, procedure, implementation, measurement, and management. With a pool of over 2,000 potential controls, the average r2 assessment scopes around 385 specific controls tailored to the organization's risk profile.

This level of scrutiny provides a far greater degree of assurance than self-assessments or even other common certifications. It involves a thorough audit by an independent firm, followed by a quality assurance review by HITRUST itself, ensuring that security measures are not just documented but effectively implemented and managed.

A Proactive Defense in an Era of Digital Threats

The move by HarmonyCares comes at a critical time for the healthcare sector. For the last decade, healthcare has accounted for over half of all data breaches, with the average cost of a single breach in the industry soaring to nearly $11 million. The catastrophic ransomware attack on Change Healthcare in early 2024, which impacted an estimated 192.7 million individuals, served as a stark reminder of the sector's vulnerability.

The threat is not limited to large hospital systems. The home healthcare space is an increasingly attractive target for cybercriminals. Recent incidents, such as the data breach at Elara Caring through a third-party vendor and the exposure of an unencrypted database at Archer Health, underscore the unique risks associated with providing care outside traditional clinical settings. These breaches exposed everything from Social Security numbers and financial information to specific medical diagnoses and treatment plans.

By achieving HITRUST r2 certification, HarmonyCares is adopting a proactive, threat-adaptive posture. The HITRUST framework is backed by a Cyber Threat-Adaptive engine that analyzes real-world threat intelligence to update controls, helping organizations defend against emerging risks like sophisticated phishing and ransomware attacks. This commitment to continuous improvement is vital in a landscape where cyber threats are constantly evolving.

Building Trust in the Home Care Frontier

For a company that operates in over 40 markets across more than 12 states, building and maintaining trust is a core business imperative. The in-home care model relies on a deep, personal relationship between providers and patients. A data breach can shatter that trust, causing patients anxiety and potentially leading them to withhold information or avoid care altogether.

The HITRUST r2 certification serves as a powerful signal to patients, their families, and healthcare partners that the organization takes its data stewardship responsibilities seriously. It provides tangible, verifiable proof of a robust security program, moving beyond simple promises to a state of proven compliance.

This level of assurance is also becoming a prerequisite for doing business within the broader healthcare ecosystem. Health plans, government programs, and other partners are increasingly requiring their vendors to demonstrate high levels of security. By achieving the most rigorous HITRUST certification, HarmonyCares not only strengthens its own security posture but also positions itself as a trusted and reliable partner, capable of meeting the most demanding security requirements.

"Earning HITRUST Certification demonstrates HarmonyCares' commitment to managing information risk and protecting sensitive data through a rigorous, proven assurance process," said Gregory Webb, CEO of HITRUST, in a statement. "This achievement reflects the organization's proactive approach to cybersecurity and trust."

Ultimately, this certification is more than a technical achievement; it is a strategic investment in the future of value-based home care. By embedding top-tier cybersecurity into its operational DNA, HarmonyCares is reinforcing the foundation of its patient-centered model and setting a new benchmark for security and privacy in the rapidly growing home healthcare industry.
