The healthcare industry faces unique challenges around health data privacy and security. Third-party suppliers such as independent software vendors (ISVs) and their cloud-based applications are extremely important to healthcare providers, health insurance, and other healthcare industry players. Furthermore, security teams must work harder to maintain HIPAA compliance and protect sensitive data as a result of digital innovation and the requirement for continual data access.
At its inception, HITRUST was created specifically for healthcare, originally branded as the “Health Information Trust Alliance.” HIPAA law required that Personal Health Information (PHI) be protected but failed to specify the steps to comply with said protection, leaving many healthcare organizations searching for a way to streamline their security.
HITRUST implemented its 14 control measures which stated specific controls and steps necessary to safeguard PHI with the most detailed framework of security protocols. While this was a crucial system for healthcare, it held little value for other industries, that is, until the HITRUST CSF v9.2 was put in place in 2019. This upgrade allows companies outside of healthcare to adjust the framework’s specifications to meet their cybersecurity needs which may or may not include HIPAA regulations.
Project Hosts provides a HITRUST Certified PaaS on Microsoft Azure and AWS that helps ISVs achieve HITRUST compliance sooner and at less cost than attempting a certification on their own.