What is HITRUST?

The Health Information Trust Alliance, or HITRUST, is the gold standard in data security for all industries, in particular healthcare. HITRUST is a privately held company located in the United States that, in collaboration with healthcare, technology and information security leaders, has established a Common Security Framework (CSF) that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

HITRUST CSF combines HIPAA, ISO, NIST, PCI and other internationally and nationally accepted standards and provides clarity and consistency, which reduces the burden of compliance with the varied requirements that apply to organizations.

That sounds complicated.

Well actually, HITRUST CSF is making things less complicated. Instead of having different definitions and levels of data security compliance, which often vary between industries and even between companies, there is now one universal standard. HITRUST is helping industry agents and their vendors understand each others needs and services for data security.

Was it hard to become HITRUST CSF certified?

Yes it was. The rigorous certification process took over a year. Essentially we were given an incredibly detailed checklist and were audited multiple times until every item on the checklist was marked. Items on the checklist involved physical security (employee background checks, restricted area mailing rooms) and electronic data security (monthly reviews, firewalls, secure servers). In order to maintain our certification, we will have to repeat the process every 2 years.

Sounds good, but what does this mean for me?

First and foremost, it means your data is as safe as it possibly can be. Second, it means there is no longer any confusion as to what “compliance” means. We have documentation detailing the various methods of data security used on our premises. Whatever your specific needs are, we can very clearly show you how we meet, and probably exceed, those needs and expectations.