As healthcare evolved over the years, especially with the HIPAA/HITECH regulations of 1996, and because of the subjective nature of HIPAA, covered entities face difficult challenges in assessing compliance and security for external vendors as well as internal controls. This leads to having to reinvent the wheel every time a department or vendor handles PHI information.
Founded in 2007, HITRUST Alliance, a not-for-profit organization, whose mission is to champion the safeguard of sensitive information and manage information risk for organizations, created an ISO 27001 based framework which is prescriptive to define HIPAA/HITECH guidelines called HITRUST CSF. CSF is a certifiable framework that brings together several other compliance frameworks and standards, including HIPAA, PCI, ISO, and NIST. HITRUST CSF Domains and Controls cover 19 different domains with about 1200 separate controls based on your scope of covered information.
- Information Protection Program
- Endpoint Protection
- Portable Media Security
- Mobile Device Security
- Wireless Protection
- Configuration Management
- Vulnerability Management
- Network Protection
- Transmission Protection
- Password Management
- Access Control
- Audit Logging & Monitoring
- Education, Training & Awareness
- Third Party Security
- Incident Management
- Business Continuity & Disaster Recovery
- Risk Management
- Physical & Environmental Security
- Data Protection & Privacy
Utilizing the HITRUST CSF and the Microsoft Azure Security and Compliance Blueprint, Lumen21 has developed the Clinic in the Cloud offering on Microsoft Azure platform, configured to help Medical clinics manage and secure patient PHI (Protected Health Information) and PII (Personally Identifiable Information), especially when combined with Credit Card transactions, which falls under the PCI DSS 3.0 regulations. These services help covered entities and organizations that handle PHI/PII to be HITRUST Certified and adhere to all HIPAA/HITRUST regulations with rapid deployments across their locations. It’s Compliance as a Service providing clinic IT solutions out of the box.
Complying with HIPAA and proving compliance with HIPAA are two different things. Lumen21 is HIPAA compliant and HITRUST Certified. Look at the documentation we’ve created that shows how Lumen21 complies with all the various HIPAA regulations.
To be a proven entity, that you are HIPAA Compliant, you must have a third-party validate and certify as such, as we have at Lumen21. Our customers leverage those audits to prove the Clinic in the Cloud, and the related workload that is run on is HIPAA compliant. We do all the work to make sure you as a customer do not have to worry about these compliance matters.
Clinic in the Cloud enables the HITRUST, GDPR and SSAE 16 compliant environment for covered entities which have distributed workforce supporting members/patients across many different geographical regions. The move to Clinic in the Cloud opens the ability for customers to deploy a licensed version of their software on the Lumen21 platform, on top of their own Azure Cloud or Microsoft 365 tenant or customers can use the pre-configured Lumen21 Clinic in the Cloud to leverage the same HITRUST CSF certification which has passed the stringent audit and compliance requirements. Lumen21 management and security layer has been vetted and validated by Microsoft Technology Architects as part of the Cloud Service Provider (CSP) program and leveraging the Azure Security and Compliance Blueprint.
Lumen21 recently completed our 4th external HITRUST audit along with external audit of SSAE 16 SOC 2 Type II audit. Lumen21 does not outsource any of the compliance and management work as it is core to what we do. With in-house audit, compliance, and management teams we ensure compliance with our policies and procedures, including our facilities and employees.