SUNRISE, Fla., Feb. 17, 2026 /PRNewswire/ — North American Partners in Anesthesia (NAPA), a leading single-specialty anesthesia management company, today announced that its clinical and revenue cycle systems have achieved HITRUST Certified status. This certification underscores NAPA’s dedication to robust cybersecurity measures and the protection of sensitive patient and operational data in an increasingly complex threat landscape.
The HITRUST Risk-Based, 2-year (r2) Certification validates that NAPA’s approach to information security meets demanding regulatory compliance and industry-defined requirements. Achieving this certification places NAPA among a select group of organizations worldwide demonstrating a high level of commitment to data protection. As healthcare organizations face escalating cyber threats, certifications like HITRUST are becoming increasingly vital for maintaining patient trust and ensuring operational integrity.
“As cybersecurity expectations rise, our stakeholders expect credible, validated assurance,” said Rafael Cartagena, MD, CEO of NAPA. “Achieving HITRUST Certification reinforces our ongoing commitment to protecting data, managing risk, and maintaining the trust of those we serve.” The certification process involved rigorous independent third-party testing, centralized quality assurance, and is backed by HITRUST’s Cyber Threat-Adaptive engine, ensuring continuous alignment with the latest threat intelligence and evolving standards like NIST, ISO, and OWASP.
What is HITRUST Certification?
HITRUST certification isn’t a single standard, but rather a comprehensive framework that incorporates a variety of globally recognized security and privacy standards. According to HITRUST, the Assurance Program helps organizations address security and data protection challenges through a flexible and prescriptive set of security controls. This approach allows organizations to tailor their security posture to their specific risk profile and regulatory obligations. The HITRUST r2 certification specifically demonstrates a commitment to maintaining these controls for a two-year period.
NAPA’s Focus on Data Security
NAPA’s achievement comes at a time when healthcare data breaches are a significant concern. The company serves millions of patients annually at hundreds of healthcare facilities, making the security of patient information paramount. Beyond patient data, NAPA likewise manages complex revenue cycle processes, requiring protection of financial and operational information. The HITRUST certification extends to both clinical and revenue cycle systems, demonstrating a holistic approach to data security.
“Earning HITRUST Certification demonstrates NAPA’s commitment to managing information risk and protecting sensitive data through a rigorous, proven assurance process,” said Gregory Webb, CEO of HITRUST. “This achievement reflects the organization’s proactive approach to cybersecurity and trust.”
Implications for the Healthcare Industry
NAPA’s commitment to HITRUST certification sets a benchmark for other anesthesia management companies and healthcare providers. As the healthcare industry increasingly relies on digital technologies, robust cybersecurity measures are essential for protecting patient privacy and maintaining the integrity of healthcare operations. The adoption of standards like HITRUST can help organizations demonstrate their commitment to data security and build trust with patients and stakeholders.
NAPA, with 40 years of clinical services experience, provides managed services in anesthesia-driven revenue cycle solutions, talent and workforce strategies, and perioperative consulting. The company’s focus on both clinical excellence and operational efficiency positions it as a key player in the evolving healthcare landscape.
Looking ahead, maintaining HITRUST certification will require ongoing vigilance and adaptation to emerging cyber threats. NAPA’s commitment to continuous improvement in its security posture will be crucial for protecting sensitive data and maintaining the trust of its partners and patients.
What are your thoughts on the importance of cybersecurity certifications in healthcare? Share your comments below.
