Healthcare-focused venture firms are forming a best practices group for securing health data

Some of the nation’s top healthcare-focused venture capital firms are banding together to form an advisory council with the technology security certification provider HITRUST  to create best practices for data security for startups developing digital health technologies.

The conversations, spearheaded by the Nashville-based, healthcare-focused investment fund Frist Cressey, were designed to accelerate the adoption of digital technologies throughout the healthcare industry by creating best-practices around data security that large healthcare organizations demand before adopting a new service.

“Our service or our software want to be taken nationwide and everybody gets excited and that’s when you get in front of the chief security officer’s office and they ask if you’re HITRUST-certified,” says Frist Cressey partner Chris Booker. 

“It makes [startups] more marketable or more viable,” says Daniel Nutkis, the chief executive of HITRUST. “Organizations tend to be reluctant to work with startups… [Our certification] gave venture capital firms a level of comfort and we saw it as an opportunity. Chris approached us to better develop a program more targeted at early-stage companies… so that this becomes an easier program and can make it more wide-scale.”

So far investors Ascension Ventures, Bain Capital Ventures, Echo Health Ventures, Frist Cressey Ventures,  Heritage Group, New Enterprise Associates and 7wire Ventures have all signed on to the venture capital advisory council.

For the firms, it’s simply a matter of protecting what is an increasing percentage of capital commitments. Investors have poured $50 billion into healthcare startups, according to data pulled from CB Insights, and nearly $16 billion of those investments were in digital health companies. Meanwhile, early-stage startups are increasingly vulnerable to data breaches and lax security practices — failures of oversight that can mean the difference between life and death for early-stage startups.

“Data breaches and privacy violations… these things can destroy a company,” says Booker.