The HITRUST CSF is a certifiable framework that provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. Utilizing a common set of information security requirements, the Common Security Framework program delivers simplified compliance assessment and reporting for HIPAA, HITECH, state, and business associate requirements.
Similar to TECH LOCK’s Payment Card Industry Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV) designation, HITRUST CSF is another credential that differentiates TECH LOCK from other consulting companies that haven’t or are unwilling to undergo rigorous due diligence of best in class auditing practices and processes which ensure the best ROI and data security for their clients. With less than 10 firms in North America able to currently perform both PCI DSS and HITRUST certifications, being recognized by HITRUST for our security experience and qualifications in addition to our PCI QSA designation demonstrates the strength of our information technology security experts and our leadership in the marketplace.
According to the Experian report “2014 Data Breach Industry Forecast,” the number of reported healthcare data breaches in 2014 is expected to surge. This is just one reason why we are seeing more regulation from both the federal and state level. Recently, the HIPAA Omnibus Rule was enacted which requires compliance with new data breach and privacy requirements. This is likely to increase fines and the frequency of headlines about incidents. On the State level, Texas recently signed into law Texas H.B. 300 which impacts ANY entity that conducts business in Texas and collects, uses, and/or stores Protected Health Information (PHI).
For organizations that have a merchant contract and/or store, process or transmit cardholder information in addition to collecting, using, and/or storing protected health information, TECH LOCK’s holistic compliance service will assist them in saving time and money when dealing with the complex regulatory environment that exists today.