With all the complicated regulations and rule sets surrounding cyber security, HIPAA, state and federal laws, and new regulations arriving seemingly every year, a collaborative effort was conceived to create a framework that makes compliance more digestible and scalable for each individual covered entity and business associate.
HITRUST set out to provide a common platform that businesses in the healthcare sector can effectively follow to implement the many security and regulatory requirements scattered across the industry. Ultimately, the CSF (Common Security Framework) is a prescriptive set of controls designed to reconcile those regulations into one relevant framework.
HITRUST combines the standards from:
Any State Laws
The benefit of the framework is that it can be tailored to each individual company or entity based on its usage of data and its security exposure. It is essentially a path through the healthcare security maze.
HITRUST modified the HHS risk analysis process to accommodate this control framework-based approach as follows:
Conduct a complete inventory of where health information ‘lives’
Perform an impact analysis on all systems with health information (criticality)
Categorize & valuate systems based on sensitivity & criticality
Select an appropriate framework baseline set of controls
Apply an overlay and/or tailor based on a targeted risk analysis
Evaluate residual risk using control maturity & impact ratings
Rank risks and determine risk treatments
Make contextual adjustments to likelihood & impact, if needed, as part of the corrective action planning process
The framework builds on the HHS risk analysis process, expanded to include other regulatory laws and acts. This roadmap is designed to provide a cost-effective means of covering what needs to be covered and of analyzing any new items or uses of data the healthcare organization may need.
Getting a HITRUST certificate isn’t necessarily a “get out of jail free card”, but being able to demonstrate the actions taken to comply with the regulatory bodies’ mandates and laws will become increasingly important as HHS audits continue and companies are found to be out of compliance, resulting in fines and negative perception within the industry as well as among consumers.
PatientCalls has been a leader in the medical answering service field for over 15 years providing answering services with top rated quality and expertise to those in need of optimizing their organizations’ time and communications. Call PatientCalls today and ask for more information regarding our 14-day risk free trial and custom flat rate monthly price plans.