In healthcare transactional print and mail, the production processes must align with compliance regulations. While most organizations have HIPAA certification, not all also have HITRUST. So, what are the differences between HIPAA and HITRUST certification? In this episode of Ask the Experts, Information Security and Compliance Officer Dwight Springthorpe provided the answer.
“The difference between HIPAA and HITRUST certifications is that HITRUST goes a step beyond HIPAA,” Dwight said. Essentially, HITRUST covers the infrastructure and sets standards on data protection that are universally applicable to all healthcare entities: providers, payers, and third-party vendors. HITRUST leverages HIPAA and NIST (National Institute of Standards and Technology) to develop its framework.
Dwight described how to earn HIPAA and HITRUST: “It’s a certification with two years of approval with a one-year audit on the odd years of your certification. HIPAA is an annual certification. The requirements for HIPAA are very extreme. You have to supply audited logs and information about your operations and procedures.”
Any organization seeking to outsource healthcare communications should look for a partner with HIPAA and HITRUST certifications. PCI Group has achieved both of these and will maintain them through rigorous security policies, auditing, and keeping up to date on the latest risks. Watch the video to learn more.