Transitioning from HIPAA Compliance to HITRUST Compliance

| Author , tagged in Healthcare Industry, About Cloudticity, Compliance
Cloudticity, L.L.C.

Cloudticity's passion toward meeting security and compliance standards has led us down many paths over the past few years due to the ever-changing landscape of Healthcare and AWS. Let's reflect:

Our HITRUST Journey:

From day one, Cloudticity has been exclusively in the business of helping healthcare organizations be successful on AWS. From helping build the first patient portal on AWS, to achieving the first Meaningful Use II compliance on AWS, to deploying the first health information exchange on AWS, security and compliance has always been in the forefront of everything we do. Every control on our compliance dashboards has always mapped back to one or more corresponding HIPAA CFRs. We've filled out more security and compliance questionnaires than any of us care to think about. And since we launched our company in 2011, no system under our management has ever experienced a HIPAA breach.

In our early days, putting healthcare workloads on the public cloud was sort of like venturing into the Wild West of old. Back then, AWS wouldn't even sign a Business Associate Agreement. The level of sophistication we brought to the compliance table helped assure our clients and the organizations or patients they served that their information was safe.

Over time, the healthcare technology industry matured, and major providers and payers started demanding ever more developed information security programs - in fact, our CEO Gerry Miller recently wrote about this in his blog post, The Need for HITRUST Certification.

Enter the world of HITRUST.

After exploring many (many!) compliance frameworks, we quickly came to the conclusion that the HITRUST Common Security Framework (CSF) was the one much of the healthcare industry was coalescing around. The clincher for Cloudticity was the ease of mapping CSF controls to other frameworks, making it a central hub for compliance that also allows us to meet non-HITRUST frameworks like NIST 800-53, SOC 2, COBIT, GDPR, PCI, among others.

Of course, as a growing company, committing to the HITRUST journey required a high level of focus, financial commitment, and diversion of our valuable resources. We were convinced, however, that it was the right thing to do - it codified our approach to information security, gave our clients a deeper sense of comfort with our services, and set us apart from a competitive standpoint.

Today, we work closely with HITRUST to continue evolving the Common Security Framework, most recently with the Shared Responsibility Program working group.

Our Partnership:

From the beginning of our HITRUST journey, Cloudticity focused on developing a partnership with a forward-thinking, innovative assessor that understood our unique approach to using automation for compliance. After reviewing dozens of options, we kept coming back to BEYOND LLC. Together, we worked through some hard challenges around shared responsibilities, the nature of cloud computing, and the realities of today's remote workforces. In blazing new trails together, Cloudticity and BEYOND forged a deep corporate bond that begged the question, "How can we leverage the work we've done together to benefit the wider healthcare industry?"

We started by introducing BEYOND to the growing number of Cloudticity clients who expressed interest in HITRUST certification. We kept noticing a common thread - a reasonably significant portion of HITRUST CSF controls are satisfied by the Cloudticity Oxygen™ managed services platform, and our clients each had to duplicate efforts by re-attesting. We thought - there has to be a better way.


Meet MagicBox:


When it comes to obtaining a HITRUST certification, you wish there was a better way. So we created one. Meet MagicBox, the brainchild of two of the leading innovators in the healthcare information security space: Cloudticity and BEYOND, LLC. MagicBox is the first and only end-to-end HITRUST solution on AWS.

MagicBox reinvents the certification process, using the breakthrough integration of Cloud-driven technology with one-to-one expert guidance, significantly reducing time and creating efficiencies that will allow you to obtain your certification with a 100% success rate. For more information, check out our thoughts on the important of compliance and visit to contact us.

What's Next for the Monthly Compliance Blog?

Starting next month, the HIPAA Compliance series will transition to HITRUST Compliance. In each segment of this series, we will introduce a specific Cloudticity Oxygen feature, focusing on how it helps achieve HITRUST controls.

Stay tuned while Cloudticity continues to innovate on forward thinking ways to approach compliance. In the meantime, visit us on the web, or leverage our free, fully automated HIPAA technical assessment as a great way to chart your path toward HIPAA compliance.

 Meet MagicBox What's in the box?

Get On The Fast Track To HITRUST

TAGGED: Healthcare Industry About Cloudticity Compliance

Subscribe Today

Get notified with product release updates and industry news.