HITRUST Certified Companies
MAP Communications, Inc., a leading provider of professional telephone answering/call center and virtual receptionist services, is pleased to announce its groundbreaking achievement of being the first in the industry to achieve the HITRUST Risk-Based, 2-Year (r2) Validated Assessment + Certification which “is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight.” Learn more about the HITRUST r2 Assessment + Certification. https://hitrustalliance.net/assessments-and-certifications. This significant milestone underscores MAP Communications’ unwavering dedication to ensuring the highest standards of information security and data privacy within the healthcare industry.
What Is HITRUST Certified
HITRUST is the Health Information Trust Alliance. It was founded in 2007 to support organizations in all sectors–but especially health organizations–to reach information risk management and compliance objectives. In fact, according to the HITRUST Alliance, 81% of hospitals and health systems and 83% of health plans utilize the HITRUST Certification Standard Framework (CSF).
HITRUST was created to provide an option for the healthcare sector to address information risk management using a matrix of third-party assessments. The idea is to consolidate efforts and reduce the need for multiple reports, i.e., “assess once, report many.”
HITRUST includes elements from risk management frameworks like The Payment Card Industry Data Security Standard (PCI DSS), HIPAA, NIST 800-53, NIST CSF, and ISO 27001.
The “HITRUST approach,” along with HITRUST certification, gives vendors and covered entities a way to demonstrate compliance to HIPAA requirements based on a standardized framework. The ultimate goal of HITRUST certification is for businesses to effectively manage data, information risk, and compliance.
The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. The HITRUST Alliance is a not-for-profit organization, founded in 2007, born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.
HITRUST also leads many efforts in awareness, education, and advocacy related to information protection. In addition, HITRUST’s framework has since been developed to be non-industry specific.
Why Get HITRUST Certified
HITRUST certification verifies that a company uses the strictest requirements with high-risk data. In the event of a data breach or security lapse, you want to know that your company took as many precautionary steps as possible to uphold compliance and provide a secure environment for sensitive information.
Patients entrust their healthcare providers with detailed sensitive information about themselves, and they trust that that information will be protected.
The HIPAA Security Rule states that organizations must conduct “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”
HITRUST vs HIPAA
The HITRUST alliance seeks to provide organizations with a way to show evidence of compliance with a variety of mandated security controls. HIPAA is a law, which was enacted in 1996 by lawyers and lawmakers and is enforced by the US Department of Health and Human Services (HHS).
According to the HHS, “The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form . . . This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information.”
HITRUST does not replace HIPAA, but it can provide measurable criteria and objectives for applying “appropriate administrative, technical, and physical safeguards.”
