HITRUST is a data protection standards development and certification organization designed to help providers, business associates, and vendors safeguard sensitive data and manage IT risk throughout the third-party supply chain. The HITRUST CSF has become the gold standard for compliance frameworks in the healthcare industry, as it addresses the requirements of existing standards and regulations including HIPAA, PCI, COBIT, NIST, ISO, FTC, and state laws.
To become HITRUST certified, an organization should complete a HITRUST CSF Readiness assessment to determine how well its current security and privacy controls align with the requirements defined in the HITRUST CSF. Then, an organization can select a certified HITRUST CSF Assessor Firm that will perform several risk assessments, audits, and quality assurance procedures over the course of two to four months. The organization will be scored on these assessments and must meet a minimum compliance level to become HITRUST certified.
Research has shown organizations that pursue a HITRUST Certified Security Framework certification rapidly improve their information security posture to meet certification and, most importantly, maintain their security posture. Furthermore, with a mature information protection program in place, organizations are less likely to suffer a breach and are more likely to be able to contain and minimize the impact of a breach, should one occur.
Organizations that implement a robust information security continuous monitoring (ISCM) program such as HITRUST to continually assess the state of their information security controls not only achieve higher levels of maturity, but also make better and more timely decisions. Additional benefits include on-demand, real-time insight into organizational security and compliance risk posture, better prioritization of remediation activities, and a higher level of assurance. Forrester Consulting also found that organizations with identity and access management (IAM) practices generate 90% more productivity, save 40% in technology costs, and save an average of $5 million in breach costs.
While the HITRUST CSF can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data, it is ideal for healthcare organizations because of its prescriptive framework for managing the security requirements inherent in the Health Insurance Portability and Accountability Act. HITRUST offers providers a trusted benchmark from which they can measure and manage their own compliance, while offering proven protection to their patients and partners.
Here at etherFAX, we are dedicated to meeting all regulatory compliance standards for data protection and are currently in the final stages of the HITRUST CSF assessment. We are working diligently in an effort to receive our HITRUST certification this year. All of etherFAX’s North American data centers providing encrypted fax are in scope.
As part of our commitment to provide our customers with the most secure document delivery solution in the industry, we have implemented multiple defense-in-depth strategies into our patented etherFAX technology including two-factor authentication and end-to-end encryption to guarantee that patient data and business-critical information remain protected. Our cloud-based fax solutions are also SOC 2 compliant, HIPAA compliant, and PCI DSS compliant for guaranteed security.