HIPAA & HITRUST

Project Hosts’ Turnkey Healthcare Compliant Cloud is both HIPAA compliant and HITRUST CSF certified.  We ensure that all HIPAA & HITRUST security controls are implemented and documented when your solutions are deployed.  This means less time and money spent on compliance activities.

Why we include HITRUST

HITRUST CSF provides a prescriptive set of controls that meet the requirements of not only HIPAA, but other security standards such as PCI and NIST 800-53 v.4.  HITRUST builds on HIPAA, a non-prescriptive compliance framework, and creates a standardized compliance framework, assessment, and certification process for the healthcare industry.  HITRUST CSF certification is a much more rigorous process, with a higher burden of proof put on the organization trying to achieve certification, than a HIPAA audit. That is why Project Hosts provides not only a HIPAA compliant cloud, but a HITRUST certified cloud environment to host your data, workloads and applications.

HIPAA

  • Self-attestation

  • Compliant through ISO audit

  • Not Updated (Stagnant)

  • Not very prescriptive – Example: passwords – (Password rules are not mandated)

HITRUST

  • Official certification

  • Audited by HITRUST certified auditors

  • Continually updated

  • Prescriptive – Example: passwords – (Minimum length: 8 characters, Complexity: 3 out of 4 character types, Change requires 4 changed characters, Password expiration: Every 60 days, Reuse: Can’t use last 6 passwords, Etc.)

  • As a result, many Providers, Payers and other covered entities are requiring HITRUST.
