What Is HITRUST Certification and Why Should You Insist That Your IT Partner Has IT?

Cyber-criminals love healthcare data. It is arguably the most sensitive and valuable information they can steal. Not only can these criminals breach your systems and hold your practice ransom, but they can also sell your patients’ data on the black market and blackmail your organization and your patients with threats to publicly release their information.

Despite healthcare hacks all over the news, maybe you’re feeling confident because your managed services provider (MSP) passed its annual HIPAA security audit. Certainly, a history of successful security audits is important validation when choosing an MSP. But in today’s threat landscape, that’s not enough. These audits, while valid, provide just a snapshot of compliance once a year. Unfortunately, hackers don’t limit themselves to that schedule.

Unlike annual audits, HITRUST CSF requires ongoing controls and processes

While HIPAA is an act that details standards for compliance, HITRUST is a security-focused organization that specifies rigorous requirements and more than 400 controls to measure an organization’s ongoing ability to safeguard personal health information (PHI). The HITRUST assessment process is grueling and time-consuming, making it challenging for most practices’ IT departments to undergo while still managing all of their daily tasks.

MSPs who have archived HITRUST CSF certification are few, but at Med Tech Solutions, we believe it’s a requirement to demonstrate our commitment to the security of your HIPAA-protected information. Your practice or clinic is accountable for protecting your patients’ information. By partnering with an MSP that has achieved the most rigorous standards of HITRUST CSF certification for its datacenters, you demonstrate that you take that responsibility seriously.

Med Tech Solutions is focused exclusively on healthcare IT, and one way we prove this to our clients is by certifying that the information we manage is protected. Very few MSPs have expended the time and resources to prove that their security is exceptional and meets or exceeds the standards and ongoing controls and processes that HITRUST demands.

HITRUST CSF certification gives OptumCare practices confidence and peace of mind

OptumCare, a long-time Med Tech Solutions client, is a national network of care delivery organizations (CDOs). In the greater Los Angeles area, OptumCare supports the IT needs for an independent practice association (IPA) that delivers care to a dense patient population of senior and non-senior lives. OptumCare has partnered with Med Tech Solutions to securely host, optimize, and support the EHRs of about 250 providers across 116 practices.

OptumCare’s contracts specify that their providers comply with HIPAA and hardware security standards. While the organization can’t mandate that providers use specific technology, Armando Besné, senior manager of CIS at OptumCare, needed to ensure that their connection to the data center is secure.

“Security is a big concern for all organizations, especially when you’re dealing with personal health information,” says Besné. “The HITRUST certification that MTS was able to provide made the security analysis and risk assessment that we have in place very easy. It gives me the confidence knowing that we have the best security in place to be able to give the providers and the patients peace of mind, knowing that their data is protected in that hosted environment.”

“It gives me the confidence knowing that we have the best security in place to be able to give the providers and the patients peace of mind, knowing that their data is protected in that hosted environment.”

— Armando Besné, senior manager of CIS at OptumCare

MTS developed options for network appliances that providers could use with the MTS environment and that were upgradeable for future requirements. “That provides that level of security knowing that when we broker our connection between an IPA or a provider site to MTS, it is going through an appliance that is up-to-date with security protocols. That way we eliminate or mitigate some of that risk,” Besné says.

Read the full OptumCare case study.

Med Tech Solutions achieves HITRUST CSF recertification

HITRUST CSF certification is far from a one-time, check-the-box activity. Med Tech Solutions has announced that it has again achieved this rigorous certification.

“Healthcare organizations are under immense pressure to not only meet complex HIPAA security and privacy compliance requirements, but to also adapt to a fast-changing security landscape that threatens their patients’ personal information and their practices’ business viability,” said Mona Abutaleb, CEO, Med Tech Solutions. “The HITRUST CSF certification for our cloud datacenters—and all of the learnings from the certification process that we apply across our security-first approach—helps us ensure a secure, reliable IT infrastructure for our healthcare practice clients so they can prioritize patient care.”

For more information about HITRUST certification and its importance in protecting critical healthcare data, read our whitepaper: Cloud Confidence for Healthcare with HITRUST Common Security Framework (CSF).