Press releases

Datica In the News

November 3, 2016

Catalyze Banks on HITRUST CSF Inheritance Program to Make Security Validations Easier for Customers

Marcia Noyes

Director of Communications

Catalyze can now willfully extend its HITRUST assessments to customers through the program, reducing costs and required security testing.


Catalyze, the compliant cloud infrastructure for healthcare IT development teams, today became one of the first Health Information Trust Alliance (HITRUST) Certified business associates to participate in the HITRUST CSF Inheritance Program. HITRUST Alliance developed the CSF Inheritance Program and announced its availability in July 2016. The program enables participating service providers that have previously completed the HITRUST CSF certification process to allow their customers who are undergoing a HITRUST CSF Assessment to inherit one or more controls from their certified assessment. This reduces the number of controls their customers should need to test as part of their validation process thereby saving them time and money.

This extension of security controls comes at a critical time for the healthcare industry. Last June, five of the largest healthcare organizations made HITRUST CSF Certification a future requirement for all business associates. However, a KPMG HITRUST preparedness industry survey conducted in August and announced in an October 2016 press release stated, “Two-thirds of business associates are not fully prepared to meet the growing marketplace demands regarding controls for protecting healthcare information, such as patient records.” The survey further indicated that 47 percent of the 600 respondents didn’t have the “right staff with the right level of skills to execute against the HITRUST CSF.”

For healthcare IT firms working with a HITRUST CSF Certified business associate, such as Catalyze, this concern is substantially reduced. “Our customers can now leverage security controls from our previous Validated HITRUST CSF assessments in a fully automated manner,” explained Travis Good, MD, Catalyze CEO and Chief Privacy Officer. “This program allows our customers to demonstrate security measures in place to protect their own clients’ healthcare data through the Catalyze infrastructure. The HITRUST Inheritance Program enables those demonstration efforts to happen seamlessly for our customers while reducing costs and a myriad of compliance headaches.”

There are 135 security controls within the HITRUST CSF. Organizations that undergo a HITRUST CSF Validated assessment must use an approved assessor to test each of the controls. The Inheritance Program allows organizations to take advantage of the investments their participating service provider has made in obtaining HITRUST CSF Certification by allowing them to inherit approved controls and not requiring them to be retested. “This is consistent with and supports HITRUST’s objective to reduce redundancy and streamline the compliance process. Why should multiple organizations pay a third party to test the same control requirement?” said Michael Frederick, HITRUST Vice President of Operations. “Companies like Catalyze can leverage the Inheritance Program to provide even greater value to their customers that are tasked with protecting patient information.”

Learn more with Datica's definitive HITRUST guide. This comprehensive guide details the journey to HITRUST CSF Certification, explains why HITRUST matters, describes the structure of the HITRUST framework, details the associated costs of certification, and more.

Lyniate Acquires Integrate from Datica