The Health Information Trust Alliance (HITRUST) is an industry-lead initiative to create a prescriptive, standardized, repeatable Compliance Security Framework (CSF) that all organizations in healthcare can trust. The CSF includes a prescriptive set of controls that harmonizes multiple regulations and standards.
"We want to demonstrate to customers and to the market that we are a trusted partner; HITRUST CSF Certification provides the best means to prove that, and provides a true Certification in support of handling ePHI."
Co-founder, CEO & Chief Privacy Officer
I get that it is an auditing framework, but what makes it any more trustworthy than other third party audits?
Proving compliance is difficult. Complying with HIPAA and proving it are two different things. Anyone can claim compliance, but it is only through the verification of trusted third party audits that consumers can be sure the vendors they select are indeed compliant. Even then it is up to the consumers to research the third party to ensure that they are a legitimate trusted auditor. HITRUST is important because it is the trusted third party auditing framework within the industry. Multiple regulations and standards are harmonized across the HITRUST CSF making it the pinnacle of verified trust. We go into a deeper explanation in our Academy entry What is HITRUST?.
Security is not a fixed target. Security requirements in 2015 are very different and more intensive than they were even two years ago.
HITRUST is interesting and valuable in that companies must re-certify themselves every year. This implies not only that the actual technical work must be completed but the documentation corresponding to those changes, the why, how, when, what all need to be provided as well for review.
This is a pretty significant effort on our end but our customers benefit tremendously from this and can rest assured that their infrastructure is consistent and at the very cutting edge of security.
Was it difficult? Who did you go through? Why did we do it now?
Our path to certification was not easy, nor should it have been. The amount of resources and attention dedicated to obtaining HITRUST CSF Certification is staggering. We went through a third-party auditing firm affiliated with HITRUST. That we passed the framework audit and obtained certification is the best example of our commitment to our customer's needs. We believe we are the vanguard of our customer's privacy and security. Becoming HITRUST CSF Certified exemplifies that.
Catalyze has already completed other audits, so how does this matter more?
All customers on the Catalyze platform can leverage our HITRUST CSF Certification towards their business goals. Whether you are a health system committed to the standards of HIPAA for your patients or a vendor working with hospitals or consumers, our certification gives you an added level of trust and validation.