MINORITY & VETERAN OWNED

HITRUST CERTIFICATION

Though HITRUST began as a way to clarify best practices for meeting HIPAA requirements in healthcare organizations, it is now gaining traction across a wide variety of industries that are looking for data security solutions with an all-encompassing view of various standards. HITRUST offers clear steps that an organization should take before preparing for a certification assessment. And that certification is a fast way to assure partner organizations and other stakeholders that you’re serious about privacy.

TMPC experts can get your organization on the path to certification and help you further optimize your security framework as your business grows.

FREQUENTLY ASKED QUESTIONS

IF MY ORGANIZATION HAS SOC 2, HIPAA, AND GDPR PROGRAMS IN PLACE, WHY DO WE NEED HITRUST?

Sometimes it’s a simple reaction to the first time a customer inquires about your HITRUST Certification. Sometimes, you have so many security plates spinning that you’re looking for one framework to bring them all together. Or sometimes, you need precise and prescriptive steps to take to make sure your security strategies are in order and actually working. HITRUST cross-references your existing programs and gives you a single clear picture. And, of course, that certification inspires trust whenever stakeholders see it.

HOW IS HITRUST DIFFERENT FROM HIPAA?

HIPAA is a US law governing how healthcare organizations use patient personal information; the law also requires that patients be notified in case of a data breach. HITRUST, however, is not a law. Instead, it is a compliance framework that helps you meet the requirements of the law (and other data security standards). If you’re a covered entity, you must comply with HIPAA, and HITRUST can help you do it more efficiently, while also offering you a clear-cut certification that tells third parties that you know what you’re doing when it comes to privacy.

CAN MY ORGANIZATION BE HITRUST CERTIFIED WITHOUT A THIRD PARTY?

Yes, it is possible to do all of the work required to become HITRUST certified yourself. That said, the preparation and the certification process itself require a lot of work, and businesses that start down the HITRUST path by themselves often either fail to complete the task or end up hiring someone to get the job done. TMPC experts can streamline HITRUST assessment requirements, so you get your business on the certification track quickly.

TMPC HITRUST ASSESSMENT CHECKLIST

    IDENTIFY A HITRUST OFFICER

While some organizations identify and train an internal HITRUST Officer to coordinate the assessment and certification process, many companies choose to work with an expert, like TMPC, who can coordinate the HITRUST process from beginning to end.

     CHOOSE AN ASSESSMENT LEVEL

There are three assessment levels in HITRUST: Essentials 1-year (e1), Implemented 1-year (i1), and Risk-based 2-year (r2). Each level comes with more work, yes, but also more assurance. From e1 to r2, the number of requirements grows from 44 annually for e1 to 375 for the first year and 40 for the second year for r2. And r2 can provide a more tailored approach. There is a lot to consider, which is why HITRUST advises that you work with a third party, like TMPC, to determine your assessment needs.

     DEFINE THE SCOPE OF THE ASSESSMENT

Determine which facilities, departments and systems will be covered by the assessment.  In addition, identify which systems, devices and technologies handle protected data. TMPC can help you define the scope.

     POLICY AND PROCEDURE REVIEW

A TMPC expert can guide your HITRUST Officer and other identified team members through a thorough review and analysis of your organization’s policies and procedures, both official and in practice, to evaluate the effectiveness of your security strategies. 

    PERFORM TESTING

Testing and testing again is the only sure-fire way to know if your security environment is robust enough.  TMPC can ensure that your testing is robust enough to find the smallest cracks in your data armor.