Formed in 2007, the Health Information Trust Alliance (HITRUST) is a data protection standards development and certification organization designed to help providers, business associates, and vendors better safeguard sensitive data and manage IT risk across all industries and throughout the third-party supply chain. The HITRUST Common Security Framework (CSF) has become the gold-standard compliance framework in the healthcare industry, as it addresses the requirements of existing standards and regulations including HIPAA, PCI, COBIT, NIST, ISO, FTC, and state laws.
To become HITRUST certified, an organization must first complete a HITRUST CSF Readiness assessment to determine how well its current security and privacy controls align with the requirements defined in the HITRUST CSF. Then, an organization can select a certified HITRUST CSF Assessor Firm that will perform several risk assessments, audits, and quality assurance procedures over the course of two to four months. The organization will be scored on these assessments and must meet a minimum compliance level to become HITRUST certified.
Research has shown 97 percent of organizations that pursue a HITRUST CSF certification rapidly improve their information security posture to meet certification and, most importantly, maintain their security posture. Furthermore, with a mature information protection program in place, organizations are less likely to suffer a breach and are more likely to be able to contain and minimize the impact of a breach, should one occur.
Organizations that implement a robust information security continuous monitoring (ISCM) program such as HITRUST to continually assess the state of their information security controls not only achieve higher levels of maturity, but also make better and more timely decisions. Additional benefits include on-demand, real-time insight into organizational security and compliance risk posture, better prioritization of remediation activities, and a higher level of assurance. Forrester Consulting also found that organizations with identity and access management (IAM) practices generate 90% more productivity, save 40% in technology costs, and save an average of $5 million in breach costs.
While the HITRUST CSF can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data, it is ideal for healthcare organizations because of its prescriptive framework for managing the security requirements inherent in the Health Insurance Portability and Accountability Act. HITRUST offers providers a trusted benchmark from which they can measure and manage their own compliance, while offering proven protection to their patients and partners.
Here at etherFAX, we are dedicated to meeting all regulatory compliance standards for data protection and are currently in the final stages of the HITRUST CSF assessment. We expect to officially receive our HITRUST certification in Q1 2020. All of etherFAX’s North American data centers providing encrypted fax are in scope and will be certified.
As part of our commitment to provide our customers with the most secure document delivery solution in the industry, we have implemented multiple defense-in-depth strategies into our patented etherFAX technology including two-factor authentication and end-to-end encryption to guarantee that patient data and business-critical information remain protected. Our cloud-based fax solutions are also SOC 2 compliant, HIPAA compliant, and PCI DSS compliant for guaranteed security.