Not long ago, we realized we needed a comprehensive tool that provided a prescriptive set of controls, which we could use to maintain compliance across a range of regulatory requirements. We pursued one, and in May of this year InformedDNA was awarded the HITRUST CSF Certification for our Utilization Management and Data Analysis systems. The Certified Security Framework (CSF) provides us with an efficient and prescriptive framework for managing the security requirements inherent in HIPAA.
As healthcare organizations navigate an increasingly complex landscape and depend more and more on new technologies, especially in the cloud, they still need to achieve compliance while offering proven protection for their customers’ data. The Health Information Trust Alliance (HITRUST) established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. It is considered an industry-trusted benchmark that encompasses HIPAA, NIST, ISO, PCI, FTC Red Flag and COBIT standards.
HITRUST, in collaboration with the private sector, government, technology and information privacy and security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. (2012). (Source: https://hitrustalliance.net/understanding-leveraging-csf/.)
Managing security requirements from federal and state agencies and other third parties can be overwhelming and can consume considerable resources. Most often, healthcare providers have more than just a single compliance requirement; therefore, choosing to implement the HITRUST CSF is a practical decision. The HITRUST framework clearly defines and converts HIPAA and HITECH requirements into an actionable roadmap, which is cross-referenced to other security and data privacy regulations. The CSF enables organizations to efficiently maintain compliance across a range of regulatory requirements.
“The HITRUST CSF Certification is the benchmark for organizations that are required to safeguard personal health information (PHI). With our existing safeguards in place for our clients’ data, it made sense for us to go a step further to demonstrate that our systems have met key regulations and industry-defined requirements, giving our clients additional peace of mind,” said Lee Fowinkle, president and chief technology officer for InformedDNA.
A key benefit of HITRUST certification is that it offers a third-party assessment that verifies that our organization has met all of the industry-defined certification requirements of the CSF. Like most healthcare providers, we have more than just a single compliance requirement; the CSF reduces complexity, helps manage risk, and helps control our costs while protecting our sensitive data. So, for InformedDNA, implementing the HITRUST CSF controls to achieve certification was the right choice to reassure our clients that their data is the most secure.
InformedDNA is the authority on the appropriate use of genetic testing. We counsel and advise health plans, health systems, and physicians. In addition, we provide clinical services, offering patients convenient access to certified genetic counselors.