As healthcare evolved over the years, especially with the HIPAA/HITECH regulations of 1996, and because of the subjective nature of HIPAA, covered entities face difficult challenges in assessing compliance and security for external vendors as well as internal controls. This leads to having to reinvent the wheel every time a department or vendor handles PHI information.
Founded in 2007, HITRUST Alliance, a not-for-profit organization, whose mission is to champion the safeguard of sensitive information and manage information risk for organizations, created an ISO 27001 based framework which is prescriptive to define HIPAA/HITECH guidelines called HITRUST CSF. CSF is a certifiable framework that brings together several other compliance frameworks and standards, including HIPAA, PCI, ISO, and NIST. HITRUST CSF Domains and Controls cover 19 different domains with about 1200 separate controls based on your scope of covered information. Continue reading Lumen21 HITRUST Certified Clinic on the Microsoft Azure Cloud