Compliance measures, responsibilities, and technologies are constantly evolving for healthcare IT. The primary concern for most healthcare organizations is focused on maintaining compliance with HIPAA/HITECH security standards for the storage of Protected Health Information (PHI).
Earlier this year, we announced that Connectria achieved Health Information Trust Alliance (HITRUST) certification and added it to our list of third-party certifications. While HIPAA/HITECH serves as the premier compliance measure, HITRUST may be more valuable. In this article, we’ll answer some common questions and help you understand more about healthcare compliance requirements and how HITRUST provides additional benefits and confidence.
For a helpful quick reference, below is a chart that briefly explains common compliance standards.
| Standard | Description |
|---|---|
| HIPAA | The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding medical information. |
| HITECH | The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, promotes the adoption and meaningful use of health information technology. |
| HITRUST | The Health Information Trust Alliance (HITRUST)—in collaboration with public and private healthcare technology, privacy, and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring confidence in the organizations that create, store or exchange their information through its common security framework (CSF). |
HITRUST CSF is the most widely adopted security framework in healthcare. This certification helps organizations manage risk, improve security, and address challenges involving federal and state regulations and standards. Through its innovative risk-based approach, HITRUST identifies challenges and tackles them with a comprehensive and ever-evolving framework of prescriptive and scalable security controls.
To achieve this certification, a healthcare organization must be audited by a third-party assessor and have earned Certified status for information security by HITRUST. Once an organization achieves this certification, it helps to validate a commitment to meeting key regulations, appropriately managing risk and compliance, as well as providing a secure solution focused on protecting sensitive data and information. Essentially, HITRUST provides consumer confidence.
How HITRUST Compares
HITRUST differs from HIPAA in one important way: it is pass/fail, so you must meet every required control in full rather than show reasonable progress. HITRUST’s CSF is a set of prescriptive controls that cover several industry standards, including ISO 27001 and HIPAA. HITRUST itself is not a regulation, and compliance/certification is not mandated. However, HITRUST certification offers a great deal of value to organizations that need to comply with HIPAA.
It is somewhat more involved than most compliance programs. There is no wiggle room; you are doing it, or you are not. Furthermore, HITRUST always wants you to progress to the next stage of the program, showing that you are continuously improving your processes. You also have to work directly with HITRUST for access to their portal to complete and receive your certification.
HITRUST is also not for everyone in healthcare IT as it is more comprehensive. Where some organizations need that level, others are fine following HIPAA. If you don’t have the bandwidth to go through the HITRUST certification process or even engage an independent HIPAA auditor, you probably don’t have the bandwidth to manage your data in-house. This is where Connectria comes in. We can help you evaluate compliance options and deliver a compliant package.
Connectria’s Compliance Capabilities
Picture a bubble. Inside that bubble is every server and tool that Connectria uses to support you and help you become compliant: vulnerability scanning, patching, monitoring, anti-virus, backups, encryption, and more. That bubble is isolated from our customers and audited on its own. So, our customers do not get audited or hold these certifications. Essentially, our management network is audited by HITRUST, but we cannot make you HITRUST certified. Instead, when you sign up for a compliant package, Connectria provides tools that help you get there on your own.
Contact Connectria for more information and register for our upcoming webinar on Thursday, April 29, below. We are a highly certified and secure organization capable of managing your environment. We help by offering solutions for both private and public clouds as well as on-prem environments. Our managed clouds and private hosted clouds can also help SaaS software developers or MSPs serving the healthcare industry offer HIPAA and HITECH compliant cloud-based solutions.
Architecting for HITRUST in AWS
Thursday, April 29, 1 p.m. CST
Learn how HITRUST certification transforms HIPAA requirements into action, and discover architecture principles to keep your AWS environments secure and compliant.