Press releases

Datica In the News

June 9, 2016

Catalyze Extends Trust, Security and Privacy Commitment with Second HITRUST CSF Certification Assessment

Marcia Noyes

Director of Communications

Digital health company broadens HITRUST Certification to include each of its four cloud infrastructure partners.

Madison, Wis. (PRWEB) June 09, 2016

Catalyze, Inc., the healthcare industry's trusted and mature platform for healthcare IT development teams, announced today that the company has gained the Health Information Trust Alliance (HITRUST) stamp of approval on its second and interim Common Security Framework (CSF) assessment. This HITRUST status expands the scope of HITRUST CSF Certification to include additional cloud providers for Stratum, Catalyze's hosting platform, as well as for Redpoint, their integration product. In addition to Rackspace®, Catalyze's original infrastructure partner, the expanded certification includes AWS (Amazon), Azure™ (Microsoft) and SoftLayer® (IBM) cloud offerings.

Compliance continues to increase in complexity. As technologies evolve to store and transfer increasing amounts of healthcare data, providers face an overwhelming task of managing security requirements from federal and state agencies, as well as other third parties. That encompassing concern heightens by the rise in healthcare data breaches. Accordingly, the HITRUST Alliance developed a clear, secure and efficient system to clarify the complexities and often vague language found within the Health Information Portability and Accountability Act (HIPAA).

Organizations that meet the stringent HITRUST CSF control requirements are more suitably prepped to secure confidential data and manage healthcare's convoluted regulatory environments. Catalyze CTO & Security Officer Adam Leko said it also speaks to "the breadth of Catalyze's compliance approach." Beyond meeting HIPAA's generic requirements, the HITRUST CSF Certification is "a security framework with great detail and depth that is spreading wider in terms of industry adoption," according to Leko.

Digital health company HealthLoop, a Catalyze customer, shared similar thoughts about the importance of HITRUST CSF Certification. "Many vendors and cloud companies tout compliance, but since HIPAA regulations do not provide specific standards, health systems have to spend a lot of time evaluating the level of standards being met. A HIPAA-compliant vendor that only minimally meets standards could be a huge exposure risk," explained Mayank Thanawala, HealthLoop's CTO.

In June 2015, the HITRUST Alliance announced that five of the largest U.S. healthcare payers would make HITRUST CSF Certification mandatory from business associates (BAs) within the coming 24 months. Meeting and ensuring HIPAA security rule mandates, ultimately lessens the payers' compliance burdens.

Leko shared that HITRUST CSF Certification and the subsequent recertification of all of the company's cloud infrastructure partners are a substantial competitive checkpoint to reach. "The third-party verification shows that Catalyze continues to perform exceptionally well, both in meeting the core requirements for HITRUST and in general with securing patient information. Gaining industry verification for our processes, procedures and policies makes the time and effort in obtaining the certification a worthwhile investment."

Compared to the roughly year-long process to gain initial HITRUST CSF Certification, recertification moved along more rapidly with completion in three and a half months. Leko stated, "While I credit our auditor Coalfire℠ for their thoroughness and hard work, I'm especially pleased with how quickly HITRUST turned around our assessment evaluation and approval."


Next
Subscribe to the Datica newsletter today.