

How Healthcare Providers Can Inherit HITRUST Compliance

In the healthcare industry, where millions of patient records hold private medical data, protecting personal health information is of utmost importance – an expectation reflected in the industry’s strict HITRUST certification requirements.

HITRUST, a leading data protection standards development and certification organization, established HITRUST certification in 2007; it is now one of the most widely adopted security frameworks in the healthcare industry. Put simply, its purpose is to mitigate the risks associated with a data breach of personal health information.

Achieving that certification is an annual and extremely rigorous process. But there exists another avenue, known as the HITRUST Inheritance Program, which gives healthcare providers the ability to “borrow” HITRUST compliance from their IT provider.

A Select Group of IT Providers Offer HITRUST Inheritance

Only 39 IT organizations worldwide are part of the HITRUST Inheritance Program, and LightEdge is among that special group. Why? With more than 150 customers in the healthcare or healthcare services industries, LightEdge takes HITRUST very seriously. As such, LightEdge leaders have made it a priority to invest the time and extensive resources into participating in the Inheritance Program because they know it’s critically important for their customers.

In fact, not only does LightEdge participate in the HITRUST Inheritance Program, it also has earned HITRUST compliance certifications at all 11 of its data centers. HITRUST certification demonstrates that systems within LightEdge’s environment meet the information risk management and compliance requirements to protect healthcare data. According to HITRUST, upwards of 80 percent of U.S. hospitals and 85 percent of U.S. health insurers use the HITRUST approach to help with HIPAA compliance.

Benefits of HITRUST Inheritance

The HITRUST Inheritance Program allows LightEdge customers to inherit relevant LightEdge controls and put them toward their own HITRUST assessments. By participating in LightEdge’s program, healthcare customers can save internal resources when it’s time for an audit, protect their customers’ critical data with confidence, and safeguard their brand from breaches.

Here are a few other notable perks:

  • Less testing and data entry required
  • Reduced pre-audit and audit costs
  • Lower ongoing expenses
  • Simplified assessment process
  • Detailed inheritance of control requirement scores
  • Increased flexibility

Most importantly, clients can rest assured that they have the backing of a trusted and respected third-party expert that’s been HITRUST-certified for years.

LightEdge Takes HITRUST Certification to Next Level

In another example of LightEdge going the extra mile to provide comprehensive security services for its customers, LightEdge has published a HITRUST Shared Responsibility Matrix® (SRM). LightEdge is one of only 14 companies globally to do so.

Developed jointly by LightEdge and HITRUST®, the matrix clearly defines cloud security and privacy responsibilities between LightEdge and its customers in the healthcare industry. By qualifying for and providing the HITRUST SRM for customers, LightEdge takes another important step in protecting customers’ critical data and simplifying their risk management processes.

Why is the Shared Responsibility Matrix Important?

HITRUST launched the SRM program in 2021 with the goal of providing greater clarity regarding the ownership and operation of security controls between organizations and their cloud service providers.

Prior to that time, shared responsibility models existed and were supported by leading cloud service providers. However, the challenge was a lack of uniformity among the SRMs, with some being loosely defined or varying based on the solution. This ambiguity created an added layer of complexity for cloud solution users in achieving broader risk management objectives.

HITRUST set out to remedy that situation in 2019 and engaged Amazon Web Services (AWS) and Microsoft Azure, the two largest cloud service providers in the world, to begin developing joint Shared Responsibility Matrices. In 2021, HITRUST announced the publicly available resources. Each new HITRUST SRM aligns with the cloud service provider’s unique solution offering.

The HITRUST CSF®, a certifiable framework that integrates and harmonizes more than 40 authoritative sources, serves as the foundation for the HITRUST SRM.

Let LightEdge Help You Accelerate Your HITRUST Certification Process

As one of an elite few service providers that have undergone the demanding process of attaining HITRUST certification and qualifying for the HITRUST Inheritance Program, LightEdge has the deep knowledge and experience to help your organization more easily achieve its HITRUST certification. To learn more, read our eBook on deploying a secure, compliant cloud in healthcare or contact us here.

