Leveraging HITRUST to Demonstrate HIPAA Compliance
HITRUST has supported thousands of Covered Entities and Business Associates with their Health Insurance Portability and Accountability Act (HIPAA) compliance programs since the first release of the HITRUST CSF in 2009. More than 80% of US hospitals, 85% of US health insurers, and many other covered entities and business associates leverage the HITRUST Approach today to aid their HIPAA compliance initiatives.
With regulations constantly evolving and the threat landscape changing, organizations must continuously work to stay one step ahead. HITRUST’s integrated approach to information risk management and compliance helps organizations achieve their security and privacy goals—including HIPAA compliance regulations. The HITRUST CSF framework, HITRUST MyCSF platform, and HITRUST CSF Assessments work together harmoniously to support organizations in their efforts to achieve, maintain, and provide assurances surrounding HIPAA compliance.
This integrated methodology is referred to as the HITRUST Approach.
HITRUST MyCSF for HIPAA Compliance
The HITRUST MyCSF SaaS platform helps automate the process of selecting appropriate security and privacy controls via various assessment scoping factors, including variables such as the number of records processed annually by an organization. In HITRUST MyCSF, the Compliance and Reporting Pack for HIPAA collects specific information that is required to comply with HIPAA and regularly requested during audits or investigations. The information is automatically consolidated in a compliance report, formatted by HIPAA control, and populated with evidence that can be directly shared with investigators. This new capability, planned for March 2021 release, will significantly streamline how organizations capture and present regulatory compliance evidence.
- HITRUST Approach to HIPAA Compliance – Download this free guide, which documents HITRUST controls as they relate to HIPAA’s Security and Breach Notification Rules. The guide includes instructions, a support and responsibilities table, and a HIPAA compliance checklist that can be leveraged as organizations pursue their HIPAA compliance objectives.
- HITRUST Regulatory Assistance Center – The new HITRUST Regulatory Assistance Center was created to aid organizations that have a HITRUST CSF Certification and are preparing for or undergoing a regulatory audit. This no-cost assistance includes guidance on how HITRUST CSF Assessment Reports can and should be leveraged to demonstrate compliance, including how specific requirements are met or how best to respond relating to a specific inquiry. The Center is staffed with security and privacy professionals, attorneys, and other experts familiar with the HITRUST CSF, HITRUST Assurance Program, and HIPAA regulations.
- The Trusted Network Accreditation Program (TNAP) was developed to directly align with the development of the Trusted Exchange Framework and Common Agreement (TEFCA) required by the 21st Century Cures Act. TNAP seeks to promote interoperability by assuring the security and privacy of trusted networks and the use of enabling technologies in the healthcare ecosystem. The program provides third-party review with accreditation for Trusted Exchange Qualified Health Information Networks (QHINs) and participants, and addresses existing security and privacy compliance mandates by requiring HITRUST CSF Certification along with rights management and compliance with new TEFCA regulatory requirements. To learn more about the TNAP program and its benefits, visit trustednetworkap.org.
HITRUST, together with King & Spalding LLP, hosted a webinar to provide insight on how organizations can position themselves advantageously from a legal perspective when it comes to HIPAA compliance and regulatory investigations by leveraging their HITRUST CSF Certifications.