Hooray for HITRUST

It can be difficult to prove whether a cloud or managed hosting provider is certified HIPAA compliant because today no formal process or status exists to verify that claim. The HIPAA Security Rule allows the use of any security measures that reasonably and appropriately implement its standards and implementation specifications. For health care innovators, this wiggle room can cause some uncertainty about whether their IT infrastructure is compliant and secure, or in danger of a costly HIPAA violation.

For Layered Tech, protection of all data, personal or otherwise, is an essential component to our brand reputation and to our continued success in the security and compliance sector of the cloud and hosting industry. As a business partner to clients across all industries, we receive hundreds of requests annually for information about protection assessment or attestation of security controls. To help simplify and streamline requests from healthcare clients and vendors, and to demonstrate HIPAA compliance, becoming an early adopter of the HITRUST (Health Information Trust Alliance) certification was a natural choice for Layered Tech.

HITRUST certification provides independent verification that an organization has met all of the industry-defined certification requirements using a Common Security Framework (CSF). A HITRUST assessment and certification takes a risk-based approach, scaling the requirements to the risk characteristics of the organization, and focuses on the controls related to the leading causes of breaches to health data. By translating HIPAA and HITECH (Health Information Technology for Economic and Clinical Health) requirements into an actionable roadmap cross-referenced to other security and data privacy regulations, the CSF provides a prescriptive set of controls that can be used to manage compliance across a broad range of regulatory requirements.

An additional incentive for using HITRUST is that many of the largest healthcare organizations have gotten onboard and made significant contributions to the effort. The way HIPAA is written, a framework is needed to enable these companies to better defend their interpretations of HIPAA requirements. The benefit to the healthcare industry comes in greater compliance-required information protection, reduced assessment costs and increased efficiency.

Layered Tech uses selected security controls and control enhancements of HITRUST as best practices to meet  HIPAA Security Rules, ensuring the confidentiality, integrity, and availability of our client’s ePHI (electronic protected health information). Layer 4 managed services are the core of our HIPAA compliant hosting solutions and feature our Compliance Guarantee, the first of its kind in the industry. This guarantee means that our clients will pass 100 percent of every IT audit or assessment sanctioned by HIPAA regulations. Layered Tech’s HIPAA compliance-ready managed services, as evidenced by obtaining the HITRUST certification, provides clients an isolated, secure hosted environment. Partnering with Layered Tech to maintain HIPAA compliance can significantly reduce the time and cost to validate your security posture.

Security is engrained into every aspect of Layered Tech’s day-to-day IT administration activities. Compliance and security are Layered Tech’s core competencies, as demonstrated by achieving independent validation through the HITRUST certification. Our proprietary security framework is configured to specific client needs, and mapped to regulatory requirements. We are positioned to support the entire spectrum of healthcare cloud and managed hosting needs, including secondary care providers, claims and payment providers.

 About the Author: Dennis Pickard holds CIA & CISA certifications and is the IT Audit Lead in the Compliance and Security Group of Layered Tech. He has more than 20 years of experience in compliance and technology audits, primarily in the Financial Services industry.   Throughout his professional career, he has directed and performed numerous HIPAA security and privacy analysis activities.



Comments are currently closed.