HIPAA & HITRUST
Project Hosts’ Turnkey Healthcare Compliant Cloud is both HIPAA compliant and HITRUST CSF certified. We ensure that all HIPAA & HITRUST security controls are implemented and documented when your solutions are deployed. This means less time and money spent on compliance activities.
Why we include HITRUST
HITRUST CSF provides a prescriptive set of controls that meet the requirements of not only HIPAA, but also other security standards such as PCI and NIST 800-53 v.4. HITRUST builds on HIPAA, a non-prescriptive compliance framework, and creates a standardized compliance framework, assessment, and certification process for the healthcare industry. HITRUST CSF certification is a much more rigorous process than a HIPAA audit, with a higher burden of proof placed on the organization trying to achieve certification. That is why Project Hosts provides not only a HIPAA compliant cloud, but a HITRUST certified cloud environment to host your data, workloads and applications.
HIPAA
- Self-attestation
- Compliant through ISO audit
- Not updated (stagnant)
- Not very prescriptive. Example: passwords (password rules are not mandated)
HITRUST
- Official certification
- Audited by HITRUST certified auditors
- Continually updated
- Prescriptive. Example: passwords (Minimum length: 8 characters, Complexity: 3 out of 4 character types, Change requires 4 changed characters, Password expiration: Every 60 days, Reuse: Can’t use last 6 passwords, etc.)
- As a result, many Providers, Payers and other covered entities are requiring HITRUST.