
HITRUST Responsibility Matrix

LightEdge Joins Select Few Worldwide to Publish HITRUST Shared Responsibility Matrix

LightEdge is proud to announce another major milestone in our industry-leading security and compliance services with the publication of a HITRUST Shared Responsibility Matrix® (SRM). Developed jointly by LightEdge and HITRUST®, a leading data protection standards development and certification organization, the matrix clearly defines cloud security and privacy responsibilities between LightEdge and its customers in the healthcare industry. HITRUST certification helps to streamline processes for risk management programs.

The SRM publication is another example of LightEdge going the extra mile to provide comprehensive security services for its customers. Only 14 companies globally have published a HITRUST SRM, which involves an extremely rigorous qualification process.

This news is part of a broader expansion of LightEdge’s HITRUST partnership, which includes recently adding HITRUST certifications for four data centers, meaning that all 11 LightEdge data centers are now HITRUST certified. LightEdge is also one of only 39 organizations worldwide that are part of the HITRUST Inheritance Program, which allows customers to inherit relevant LightEdge controls and put them toward their own HITRUST assessments. (In this context, “control” is generally defined as an activity to mitigate risk.)

HITRUST was established in 2007 to help mitigate the risks associated with a data breach of personal health information. One of the most widely adopted security frameworks in the healthcare industry today, HITRUST certification demonstrates that systems within LightEdge’s environment meet the information risk management and compliance requirements to protect healthcare data. To achieve HITRUST certification, providers must undergo a meticulous and time-intensive process. According to HITRUST, upwards of 80 percent of U.S. hospitals and 85 percent of U.S. health insurers use the HITRUST approach to help with HIPAA compliance.

Why Was the Shared Responsibility Matrix Created?

HITRUST launched the SRM program in 2021 with the goal of providing greater clarity regarding the ownership and operation of security controls between organizations and their cloud service providers.

Prior to that time, shared responsibility models existed and were supported by leading cloud service providers. However, the challenge was a lack of uniformity among the SRMs, with some being loosely defined or varying based on the solution. This ambiguity created an added layer of complexity for cloud solution users in achieving broader risk management objectives.

HITRUST set out to remedy that situation in 2019 and engaged Amazon Web Services (AWS) and Microsoft Azure, the two largest cloud service providers in the world, to begin developing joint Shared Responsibility Matrices. In 2021, HITRUST announced the publicly available resources. Each new HITRUST SRM aligns with the cloud service provider’s unique solution offering.

The HITRUST CSF®, a certifiable framework that integrates and harmonizes more than 40 authoritative sources, serves as the foundation for the HITRUST SRM. With more than 2,000 controls available in the HITRUST CSF, the HITRUST SRM documents whether each HITRUST CSF control is a full, partial, or shared responsibility between cloud service providers and their customers.

Why Does LightEdge Provide this Service?

LightEdge has more than 150 customers in the healthcare or healthcare services industries, so HITRUST is a subject of great interest and importance. By qualifying for and providing the HITRUST SRM for customers, LightEdge takes another important step in protecting customers’ critical data along with simplifying their risk management processes.
