HITRUST certification is often viewed as table stakes for doing business in healthcare. Meeting HITRUST’s rigorous requirements demonstrates proficiency in managing data privacy and security — and the ability to prove compliance with important standards and regulations.
Healthcare organizations and their partners deal with sensitive data that must be protected and carefully managed. For that reason, the way personal health information (PHI) is obtained, maintained, exchanged, and protected from unauthorized access, exposure, or theft is subject to HIPAA compliance and other regulatory guidelines — whether on-premise or in the cloud.
Implementing the HITRUST CSF and its controls, and working toward or maintaining certification, helps organizations protect PHI (and themselves) from threats, as well as meet their cybersecurity responsibilities.
Adopting the right cloud services can speed and simplify the HITRUST certification process. Public cloud providers enable rapid provisioning of secure, compliant IT infrastructure. Cloudticity helps further streamline certification by providing fully automated managed services for the cloud and by allowing you to inherit a lot of compliance controls.
And we just want everyone to know that we officially offer equal services for HITRUST inheritance on both AWS and Azure.
We know from experience that guided cloud utilization in healthcare IT can capture incredible efficiencies and unleash powerful new capabilities, but we also understand that it comes with unique challenges, responsibilities, and requirements.
Cloudticity has long been recognized for its prowess in utilizing public cloud power to facilitate rapid digital transformation for healthcare organizations. In particular, we’ve managed to get plenty of press in regard to our Amazon Web Services (AWS) expertise in the healthcare space.
But we also pride ourselves on our mastery of Microsoft Azure environments, enabling our healthcare partners to pick and choose which cloud provider works best for them and/or take advantage of multi-cloud deployments if and when it suits their needs.
Microsoft Azure, HITRUST CSF, and HITRUST Inheritance
Microsoft explained the status of Azure in regard to the HITRUST CSF last year:
“The CSF builds on HIPAA and the HITECH Act and incorporates healthcare-specific security, privacy, and other regulatory requirements from existing frameworks such as the PCI DSS, ISO 27001, EU GDPR, NIST and MARS-E…HITRUST provides a benchmark—a standardized compliance framework, assessment, and certification process—against which cloud service providers and covered health entities can measure compliance. HITRUST offers three degrees of assurance or levels of assessment: self-assessment, CSF-validated, and CSF-certified. Each level builds with increasing rigor on the one that precedes it. An organization with the highest level, CSF-certified, meets all the CSF certification requirements. Microsoft is one of the first hyperscale cloud service providers to receive certification for the HITRUST CSF.”
Because of its CSF-certified status, healthcare organizations utilizing Microsoft Azure can “inherit” attestation or partial attestation to some of its HITRUST security and compliance controls. For example, one CSF control requires that keys must be rotated every 90 days. Azure has automated this control so that all of their users rotate keys on schedule, so Azure users automatically partially inherit this control.
Cloudticity HITRUST Inheritance on Azure
Azure services managed through Cloudticity can access even more inheritable and partially inheritable HITRUST controls because we’ve automated over 219 of them — and counting!
This is a point of pride for us, and in fact, Cloudticity is one of only around 20 HITRUST inheritance partners in existence. Our software-defined HITRUST Inheritance Program can shorten the HITRUST certification journey significantly (saving ~85 hours of IT work for our clients). Further, this level of automation helps reduce complexity and maintain compliance long into the future as your organization and its IT needs evolve.
And of course, we also offer the same automated HITRUST inheritance services on AWS.
To learn more about HITRUST certification or inheritance details, download our white paper.