What Is HITRUST Certification?
HITRUST is the acronym for Health Information Trust Alliance. This organization oversees certification, requiring that companies have technical controls in place to validate the security of their system. HITRUST certification actually verifies that you’re meeting the standards outlined in HIPAA regulations.
HITRUST uses a common security framework (CSF) that allows businesses to approach regulatory compliance and risk management holistically. Based on regulations, standards, and best practices, HITRUST delivers a centralized security and privacy framework.
The HITRUST CSF includes the NIST Cybersecurity Framework as its core while also integrating HIPAA, ISO, PCI, and COBIT. HITRUST consolidates all the necessary security and privacy provisions into a single framework.
To achieve certification, a HITRUST CSF Assessor Organization performs a Validated Assessment. This exercise includes a review of servers, services, physical locations, and infrastructure. To earn certification, organizations must meet or exceed requirements on various controls relating to the NIST framework—Identify, Protect, Detect, Respond, and Recover.
Why Does HITRUST Certification Matter for Your Print and Mail Provider?
HITRUST has been a transformational force in healthcare data management since its inception in 2007. Prior to its development, the “trust” between a healthcare organization and its vendors was as deep as signing a HIPAA Business Associate Agreement (BAA) or a confidentiality agreement.
Those are still necessary things to have in place, but they don’t elevate the level of confidence like HITRUST does. If you rely on a third party to handle protected health information (PHI), you need to be more than “pretty sure” they are following best practices to safeguard that data.
The reality is that healthcare data breaches occur often, and a vendor can be the cause.
According to the Office for Civil Rights (OCR), which oversees HIPAA compliance, 2020 witnessed considerable spikes in breaches, many associated with COVID-19 scams or phishing. There were 642 breaches in 2020 that each exposed 500 records or more, representing a 25% year-over-year increase. A total of 29 million records were exposed last year. The majority of those were due to unauthorized access and hacking incidents. The channels with the most breaches were network servers, email, and paper.
No healthcare entity wants to face a breach. It can result in fines by the OCR, class action lawsuits, and reputational harm. It’s not enough to be sure your internal controls are protecting your data. Every vendor that receives and uses it must also be under the microscope. When you work with a HITRUST certified provider, you have that peace of mind.
PCI Group Is HITRUST Certified
PCI Group received HITRUST certification in 2019, demonstrating our ability to meet the CSF requirements in both of our locations. HITRUST determined that we meet all the NIST targets. Here’s how we do it:
- Robust protocols around physical access to the data.
- Tracking systems that ensure integrity and accuracy of each piece of mail.
- Advanced cybersecurity practices, including threat and vulnerability scanning and monitoring.
- Business continuity, incident response, and redundancy policies.
- Thorough training and awareness of security policies for employees.
This certification, in addition to our HIPAA-compliant mailings, ensures that we protect PHI just as you would.
Be Confident in Your Mail and Print Provider
Selecting a provider for your mission-critical transactional mail needs involves research and evaluations. You’ll be assessing many different things, from print quality to costs to capabilities. Compliance will also be top of mind. You’ll have greater confidence when you work with a partner that meets HITRUST certification requirements. Learn more about how we serve the healthcare industry and why you can trust us.