Earlier this month, Care Continuity announced that our Care Continuity Cloud Application earned HITRUST Risk-based, 2-year (r2) Certified status, demonstrating that our Cloud Application has met the demanding regulatory compliance and industry-defined requirements and is appropriately managing risk.
This achievement places Care Continuity in an elite group of organizations worldwide that have earned this certification.
While this may sound like a box-checking exercise for a modern technology solution, HITRUST Certification is a rigorous process that helps ensure that the technology vendors you use have an acceptable level of security against modern cyberattacks.
What is HITRUST and the HITRUST r2 Certification?
As an organization, HITRUST is an industry leader in privacy, information security, and risk management. Their Assurance Program is the standard bearer for cyber security.
By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Achieving HITRUST CSF Certification is a rigorous process that touches virtually all areas of the organization. From a security and compliance perspective, the audit involved every department and reviewed nearly 300 controls over a three- to four-month timeframe. It is quite an undertaking, and certification demonstrates to our customers the highest standards for protecting sensitive data and information.
HITRUST offers multiple certifications through their Assurance Program; the Risk-based, 2-year Certification, also known as r2, is the most rigorous. HITRUST describes the r2 Validated Assessment as the “gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight.”
Why is HITRUST Certification Important in Healthcare?
When it comes to cyber security, healthcare information technology is one of the most targeted sectors in the world.
According to the 2022 Healthcare Cybersecurity Year in Review published by Health and Human Services, 66% of healthcare organizations reported that they had a ransomware attack last year.
In 2022 alone, 43 million patient records were exposed by intentional cyberattacks, and the average cost of a ransomware attack in healthcare rose to over $10 million, the highest average amongst all industries.
For providers, 2022 also showed the importance of properly vetting the security protocols and standards of third-party vendors and business associates. Of the healthcare organizations breached last year, 56% were business associates.
What Should You Ask Vendors When It Comes to Data Security?
When analyzing vendors for anything from enterprise software solutions to patient navigation platforms, data security standards should be top of mind.
Inquire about their HITRUST certifications and consider only contracting with vendors that have active certification standing with HITRUST.
Outside of HITRUST, request documentation on their internal protocols for HIPAA security and disaster recovery.
In 2023, all healthcare vendors should be taking cybersecurity as seriously as providers and should have the certification to prove it.