
HITRUST Interim Assessment 2024

Bob Satyal

March 19, 2024


 

HITRUST (Health Information Security Trust Alliance) is an organization that maintains the Common Security Framework (CSF)

This is a framework built on several information protection standards, including those of the National Institute of Standards and Technology (NIST), the Payment Card Industry (PCI), HIPAA, and the international standard for information security (ISO 27001). HITRUST provides assurance to customers and partners that a vendor can protect and handle sensitive information.

HITRUST includes 19 domains for information protection, including Access Control, Network Protection, Vulnerability Management and Third-Party Assurance. Organizations that achieve HITRUST certification have demonstrated that they have policies and procedures in place and have implemented the standard across all 19 domains. This is one of the reasons HITRUST has become the gold standard for compliance and security in healthcare.

HITRUST’s risk-based two-year (r2) validated assessment certification is valid for two years. However, to validate that organizations continually adhere to the standard, HITRUST requires all certified r2 organizations to undergo an interim assessment within one year of achieving the certification. A random set of controls is selected, and the controls are unknown to the certifying organization until they receive the assessment. This provides proof that the organization’s security standards and controls are operating effectively and that they remain compliant. More information regarding the HITRUST r2 certification can be found here.

 

MTS’s cloud platform has been HITRUST-Certified since 2019

This has benefited partners and customers by reducing their auditing requirements. Partners and customers can rely on the HITRUST certification instead of having to conduct their own audits. This saves valuable time and allows security teams to focus on other areas, such as non-certified vendors.

Unfortunately, since 2018 the threat landscape has changed for the worse. Nation-state threat actors are now carrying out more sophisticated cyberattacks, and healthcare is under attack. This has been made evident by recent cyberattacks against some very large healthcare organizations. These threats require a greater sense of urgency to ensure that HITRUST security controls are in place and are operating effectively.

 

Healthcare and the Public Sector | CISA

When opportunities to demonstrate compliance arise, such as a HITRUST interim assessment, approaching cybersecurity as a team sport ensures the best outcomes. HITRUST compliance involves various regulations and controls across the 19 domains. The participation of diverse teams, such as SOC analysts, managers, cloud engineers, and IT generalists, is required to ensure the requirements are thoroughly met.

HITRUST-certified vendors have a deeper understanding of compliance and the knowledge to minimize risk. Today’s threats require partnering with organizations that use industry standards and frameworks such as HITRUST CSF.

Contact MTS today to learn more about our HITRUST Certified cloud services and how we can help keep your data more secure.