News Feature | August 10, 2016

Vendors Earn HITRUST CSF Certification

Christine Kern

By Christine Kern, contributing writer


TigerText, Catalyze, and athenahealth among those now touting the CSF Certified status.

The Health Information Trust Alliance (HITRUST) established the Common Security Framework (CSF) certification process in order to ensure the privacy of patient information in line with HIPAA, HITECH, PCI, and COBIT requirements. It is a certifiable framework that can be used by organizations that create, access, store or exchange personal health information (PHI). A number of vendors have already achieved the CSF certification, including athenahealth, TigerText, and Catalyze, and in the drive for interoperability and increased data security other vendors are sure to follow.

Supporting its mission “to be healthcare providers’ most trusted service, helping them do well by doing the right thing,” athenahealth announced athenaNet achieved the CSF Certified status from HITRUST. This status “assures athenahealth’s clients that athenaNet is meeting the healthcare industry’s highest standards in protecting healthcare information and managing risk.”

Catalyze, a platform for healthcare IT development teams, announced its compliant cloud platform is now HITRUST CSF Certified for its customers hosting workloads on Amazon Web Services (AWS.) The platform is also HIPAA compliant. “Healthcare is an industry in the midst of transitioning to the cloud, and AWS is strategically positioned to service the healthcare industry’s computing needs. AWS’s work with Catalyze, a company that focuses on meeting healthcare’s unique compliance needs through security frameworks like HITRUST, helps position AWS to play a key role in the health industry’s transformation,” explained Josh Hofmann, Global Lead, Partner Ecosystem, Amazon Web Services, Inc.

TigerText also announced it earned Certified status for information security by the Health Information Trust (HITRUST) Alliance. With the HITRUST CSF Certified Status, TigerText meets key healthcare regulations and requirements for protecting and securing sensitive private healthcare information.

According to TigerText, “By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. HITRUST-certified vendors offer healthcare organizations several benefits such as a defined set of controls founded on industry best practices, simpler, less costly audits, and faster RFP vetting for certified vendors.”

The HITRUST CSF Certification program includes a rigorous and thorough vetting process consisting of 172 baseline controls across 19 domains, spanning many months and requiring over 500 written ratings and responses. Once certified, vendors must undergo recertification every two years, which is one of the highlights of the HITRUST CSF program, assuring buyers that the security model of any HITRUST vendor is keeping pace with the latest industry advancements.

“The HITRUST CSF has become the information protection framework for the healthcare industry, and the CSF Assurance program is bringing a new level of effectiveness and efficiency to third-party assurance,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “The CSF Certification is now the benchmark that organizations required to safeguard PHI are measured against with regards to information protection.”