Vetting the claims of secure messaging vendors can be tricky. Ask any hospital that has gone through an RFP process recently and they’ll likely describe a confounding experience of attempting to standardize vendors’ security models in a way that will allow them to be evenly compared.
Today, most secure messaging vendors list HIPAA-compliance in their marketing materials, but barring an independent review, this self-anointed claim generally goes unchecked. No doubt the Joint Commission’s guidelines on protecting patient information have been critically important to setting privacy standards, but actual verification remains elusive since the Joint Commission doesn’t vet claims or police vendors. Instead, they rely on the vendors themselves to self-adhere to the guidelines. This is where HITRUST steps in.
HITRUST is an acronym for the Health Information Trust (HITRUST) Alliance, an independent testing organization that issues the Certified Security Framework (CSF) certification to vendors who successfully pass their rigorous security evaluation. HITRUST CSF certification indicates that an organization has met industry-defined requirements and is appropriately managing risk when protecting patient data. It’s similar to having TSA pre-boarding clearance at the airport – you breeze through security because you’re a known quantity that’s been pre-verified.
Here’s how the process works. Over the course of many months, HITRUST conducts multiple rounds of security audits that highlight potential vulnerabilities, by which the vendor then makes corrections and resubmits its solution for further testing until the solution receives a passing grade across all categories. For TigerConnect, this process took seven months and numerous rounds of updates to meet HITRUST’s stringent guidelines. The testing criteria included 172 baseline controls across 19 domains, and generated more than 500 written ratings and responses. Needless to say, no stone was left unturned and we are extremely pleased to be the first vendor of our kind to achieve the HITRUST CSF certification.
Now, for the important part: What does this mean for you? For TigerConnect customers, it means added security and peace of mind that TigerConnect will keep your data safe where others may not. For those still looking to buy a secure communications solution, it means a faster, easier selection process and reassurance that you choose the healthcare industry’s most vetted secure product. More benefits you can expect include:
Furthermore, 19% of healthcare practices reported a security breach within the last year and 74% of healthcare practices are not encrypting data on their mobile devices, according to Netiq’s 2015 Cyberthreat Defense Report. If security and protecting patient data is truly a priority for your organization, going with a HITRUST CSF certified vendor like TigerConnect will give you one less thing to worry about.