According to data compiled by the HIPAA Journal, the number of exposed healthcare records tripled from 2018 to 2019. With these numbers on the rise - take a look at some of the most recent breaches here - it is more important than ever to choose a trustworthy technology for your healthcare practice. While it's growing increasingly common to see vendors slap the HIPAA logo on their website and pat themselves on the back, some of us - like Trillian - have gone the extra mile and achieved HITRUST CSF certification.

"That's great," you're saying, "but why should I care?" We're so glad you asked! Let's dive into explaining the difference between HIPAA compliance and third-party certification standards like the HITRUST CSF!

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law back in August of 1996. To oversimplify a bit, think of HIPAA as a set of rules, regulations, and best practices for everyone in the healthcare sphere from healthcare providers to the technology companies who work with them. As a technology provider, our primary concern is on the "accountability" portion of the act, which means we're responsible for the hows and whys surrounding protection of our customers' Protected Health Information (PHI).

Importantly, while there are fines aplenty for being caught violating HIPAA, there is actually no government-approved, formal way to achieve "HIPAA compliance"! This means that anyone claiming to be "HIPAA compliant" is, for the most part, asking you to just take their word for it. Businesses can pay for some training, implement some (or all) rules and regulations and then tick themselves off as HIPAA compliant. It's like marking your own exam papers: some companies will do this very diligently, and others... well, they're at the back of the class with a note saying their dog ate their homework.

HITRUST

Enter HITRUST and the HITRUST CSF. HITRUST is a privately held company that established the Common Security Framework, or HITRUST CSF, which exists as a third-party certification framework to be used by all organizations that create, access, store or exchange sensitive and/or regulated data. This means that authoritative professionals can assess vendors to ensure they are doing the right things according to the frameworks they're targeting, whether HIPAA, PCI, ISO, NIST, GDPR, etc. HITRUST certifications can be expensive (typically in the 6 figures) so they represent a significant - but worthwhile! - investment. It's a way for a vendor to put some skin in the game and prove that they actually "take security seriously".

Benefits of choosing a HITRUST CSF certified vendor

When we started this process, we weren't sure what to expect. Surely we would blitz through certification, right? After all, with 20 years of experience under our belts building and running Trillian we already knew all about things like encrypting data in transit and at rest. And yet! There are many different things that come up during a formal certification process that not every vendor considers and that we think are worth highlighting.