HITRUST Certified Companies
Directors’ Choice has achieved the HITRUST Risk-Based, 2-Year (r2) Validated Assessment + Certification, which “is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight.”
Learn more about the HITRUST r2 Assessment + Certification. https://hitrustalliance.net/certifications/corporate-certifications.
This significant milestone underscores Directors’ Choice’s unwavering dedication to ensuring the highest standards of information security and data privacy within the death care profession.
What Is HITRUST Certified
HITRUST is the Health Information Trust Alliance. It was founded in 2007 to support organizations in all sectors–but especially health organizations–to reach information risk management and compliance objectives. In fact, according to the HITRUST Alliance, 81% of hospitals and health systems and 83% of health plans utilize the HITRUST Certification Standard Framework (CSF).
HITRUST includes elements from risk management frameworks like The Payment Card Industry Data Security Standard (PCI DSS), HIPAA, NIST 800-53, NIST CSF, and ISO 27001.
The “HITRUST approach,” along with HITRUST certification, gives vendors and covered entities a way to demonstrate compliance to HIPAA requirements based on a standardized framework. The ultimate goal of HITRUST certification is for businesses to effectively manage data, information risk, and compliance.
The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
HITRUST also leads many efforts in awareness, education, and advocacy related to information protection. In addition, HITRUST’s framework has since been developed to be non-industry specific.
Why Get HITRUST Certified
HITRUST certification verifies that a company uses the strictest requirements with high-risk data. In the event of a data breach or security lapse, you want to know that your company took as many precautionary steps as possible to uphold compliance and provide a secure environment for sensitive information.
Clients entrust organizations with detailed sensitive information about themselves, and they trust that that information will be protected.
The HIPAA Security Rule states that organizations must conduct “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”
HITRUST vs HIPAA
The HITRUST alliance seeks to provide organizations with a way to show evidence of compliance with a variety of mandated security controls. HIPAA is a law, which was enacted in 1996 by lawyers and lawmakers and is enforced by the US Department of Health and Human Services (HHS).
According to the HHS, “The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form . . . This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information.”
HITRUST does not replace HIPAA, but it can provide measurable criteria and objectives for applying “appropriate administrative, technical, and physical safeguards.”