For businesses in the healthcare market, there are few accreditations more valuable than HITRUST CSF Certification. HITRUST is the de facto standard for information security and risk management across the healthcare market today. 81% of hospitals and 83% of health plans have adopted the framework and require certification of their vendors.
But obtaining HITRUST certification is not meant to be easy. With a robust framework consisting of over 1800 controls and requiring a complex implementation process, HITRUST certification is a daunting task that can put considerable pressures on your business’s bottom line.
Fortunately, companies using the Microsoft Azure cloud can accelerate their path to HITRUST Certification. Want to know how? Keep on reading for 3 things to do to accelerate your HITRUST certification on Azure.
Currently, 172 Azure services have achieved HITRUST CSF certification status. Azure’s HITRUST certification letters are available on the Service Trust Portal and include the full list of HITRUST CSF certified Azure offerings and regions. Azure customers can leverage Azure’s HITRUST CSF certification to inherit controls and apply them to their own assessments.
When your company begins the HITRUST certification process, your HITRUST assessor will determine which HITRUST controls your organization must attest to based on how your organization interacts with PHI – this can range from 200 to about 1000 or more.
Then you can cross reference your HITRUST control list with the Azure HITRUST Shared Responsibility Matrix (SRM) to learn which controls you can inherit from Azure. The more HITRUST controls you can inherit from Azure, the better. Inheriting Azure HITRUST controls will reduce the work needed to achieve HITRUST certification.
Azure customers can also accelerate their HITRUST CSF deployments by using Azure’s HITRUST Blueprint. The Blueprint specifies Azure resources for ingesting, storing, analyzing, and interacting with data as well as for managing identity and security. It includes a sample use case scenario, a deployment template and automation scripts, a security threat model, a list of relevant HIPAA/ HITRUST requirements, and more. Designed as a modular foundation, the Blueprint can be adjusted for an organization’s specific needs.
The Azure HITRUST Blueprint is an important resource for getting started. It can also serve as a means for evaluating compliance with environments that have already been established. For example, you can use the HITRUST Blueprint to determine whether you have sufficient processes and policies in place to comply with regulations
Remember previously how we discussed how you can inherit HITRUST controls from Azure, accelerating your path to HITRUST certification? I have more good news: If you partner with the right managed service provider (MSP) you can inherit even more HITRUST controls on Azure, accelerating your path to certification further.
Look for an MSP partner that is a certified HITRUST Inheritance Provider – there are only a few of these partners in the world, so be sure to look for the HITRUST Inheritance Provider badge.
These partners have collaborated with the HITRUST Alliance in order to provide shared responsibility matrices where you can find documentation of their inheritance offerings. Make sure you choose an MSP that offers Azure HITRUST Certification services and ask them how many inheritable controls they offer.
Cloudticity, a certified HITRUST Inheritance Provider, provides Azure HITRUST Certification Services through our MSP services. When you partner with Cloudticity for Azure cloud hosting managed services, you can automatically take advantage of the Azure HITRUST Certification services.
We currently offer 357 inheritable HITRUST controls for Azure customers – more than any other provider on the market – and that number is steadily growing.
Keep in mind HITRUST is a customizable framework, so there’s no way to know for sure how much time and money it will cost your organization specifically without talking to a certified Assessor.
You can read “What’s the Cost of HITRUST Certification” to learn more about the investment HITRUST requires. On average, we find that certification requires anywhere from 200 hours to over 1000 hours for most organizations.
The good news is, our Azure HITRUST Certification services are helping Azure customers reduce the work needed to achieve HITRUST certification by 40% on average.
Want to learn more about Cloudticity’s Azure HITRUST Certification Services? Download the Cloudticity HITRUST Inheritance Program solution brief to learn more about our Azure HITRUST and managed cloud hosting services.