To quickly summarize a very complex subject, HITRUST is a private organization (the HITRUST Alliance) that develops and maintains a security and privacy control framework used heavily within the healthcare industry. It is often compared to HIPAA, but the two are different kinds of things: HIPAA is a federal law, written and enforced by the U.S. government, whereas HITRUST is neither a law nor a regulator. Its framework is governed by a body drawn from the healthcare industry and its business partners.

To that end, HITRUST is the healthcare industry's way of self-regulating its security practices. It addresses some shortcomings of HIPAA (which states required outcomes but prescribes few specific controls), and it gives business entities a prescriptive, auditable compliance framework to follow, in the same spirit as PCI DSS.

It is easy to think of HITRUST certification as just another optional certification a business can obtain, but that is not the whole picture. For starters, there is no such thing as an official HIPAA certification: the government does not certify anyone as HIPAA compliant. HITRUST certification is one way of demonstrating HIPAA compliance, because the HITRUST CSF maps its controls to HIPAA's requirements, so an organization that has been assessed against the CSF has evidence for many of the safeguards HIPAA expects.

So is HITRUST certification "worth it"? For most organizations covered by HIPAA, yes. Entities that must meet HIPAA generally have a hard time self-assessing their compliance, because HIPAA describes outcomes rather than a checklist of specific controls. HITRUST fills that gap with its CSF (originally the Common Security Framework, now simply the HITRUST CSF), which gives such entities a concrete control set against which to self-assess whether they meet HIPAA's requirements.


Author | Emily Forbes