top of page

HIPAA & HITRUST

Project Hosts’ Turnkey Healthcare Compliant Cloud is both HIPAA compliant and HITRUST CSF certified.  We ensure that all HIPAA & HITRUST security controls are implemented and documented when your solutions are deployed.  This means less time and money spent on compliance activities.

Why we include HITRUST

HITRUST CSF provides a prescriptive set of controls that meet the requirements of not only HIPAA, but other security standards such as PCI and NIST 800-53 v.4.  HITRUST builds on HIPAA, a non-prescriptive compliance framework, and creates a standardized compliance framework, assessment, and certification process for the healthcare industry.  HITRUST CSF certification is a much more rigorous process, with a higher burden of proof put on the organization trying to achieve certification, than a HIPAA audit. That is why Project Hosts provides not only a HIPAA compliant cloud, but a HITRUST certified cloud environment to host your data, workloads and applications.

HIPAA

  • Self attestation

  • Compliant through ISO audit

  • Not Updated (Stagnant)

  • Not very prescriptive – Example: passwords – (Password rules are not mandated)

HITRUST

  • Official certification

  • Audited by HITRUST certified auditors

  • Continually updated

  • Prescriptive – Example: passwords – (Minumum length: 8 characters, Complexity: 3 out of 4 character types, Change requires 4 changed characters, Password expiration: Every 60 days, Reuse: Can’t use last 6 passwords, Etc.

  • As a result, many Providers, Payers and other covered entities are requiring HITRUST.

bottom of page