ClearDATA Announces Industry-Leading HITRUST v9.5.1 Certification
Protecting healthcare data is increasingly challenging, particularly with ongoing technological advancements and dynamic threat patterns to thwart. ClearDATA has now earned its fifth consecutive HITRUST Risk-Based (r2) certification for CSF v9.5.1, demonstrating the highest levels of cyber risk assurance. With this achievement, ClearDATA re-establishes its leadership within an elite group of organizations that have earned this certification. As security and privacy requirements and standards evolve, ClearDATA provides its customers with industry-leading products and services delivered with a security and compliance focus.
A Healthcare “Gold Standard” for Information Security
The healthcare industry has long needed a “gold standard” for measuring implementation maturity and compliance with ambiguous and nuanced regulations. Although various industry standards and frameworks exist for organizations to formalize their information security management programs, none offer a detailed healthcare perspective, except HITRUST. As a result, organizations are often challenged with balancing limited resources and expertise with maintaining more commonly required security measures.
Achieving the HITRUST certification allows organizations to remove the guesswork in complying with complex healthcare regulations, such as HIPAA, CMS, MARS-E, and various state laws, while demonstrating recognized security practices. There are additional benefits as well – organizations can meet implementation levels mapped to GDPR mandates and much more.
The (Not So Easy) Path to HITRUST Certification
Healthcare organizations still face significant challenges, as adopting an industry-standard framework such as the HITRUST CSF is just the beginning of the journey. Therefore, a significant amount of planning, time, resources, and expertise are necessary to operationalize the control requirements in a manner that supports core business functions while enabling innovation and time-to-market.
Attempts to quantify the actual cost of a HITRUST certification can be difficult; some estimates have merely presented values that consider direct costs. In certain instances, indirect costs associated with the adoption and adherence are not factored in. Ultimately, the costs associated with developing and implementing measures that meet each control requirement will vary considerably based on each organization’s scope.
It is safe to assume that an organization will need several months to beyond a year to identify gaps in their information security management program and implement mitigating controls (i.e., indirect costs). Finally, the timeframe of undergoing a validated assessment (i.e., direct costs) can vary between four and nine months in most cases, as part of completing its three primary phases (e.g., planning, assessment, and submission). As a result, direct costs could range from $40,000 to well over $100,000, not including indirect costs. Depending on an organization’s maturity level at the onset, indirect costs could range from tens of thousands of dollars to hundreds of thousands.
Making HITRUST Work (Better) for You
As more organizations work to improve their information security management programs by, pursuing a HITRUST Certification, for instance – ClearDATA is one of the only hosting, cloud, or service providers that demonstrates, not only the highest standards of security and compliance, but also functions as an authorized inheritance provider that allows participants to inherit up to 60% of scoped maturity requirements.
HITRUST Inheritance benefits include but are not limited to 1.) more efficiently managing cyber risk, 2.) delivering greater clarity of shared responsibilities for controls in cloud environments, and 3.) reducing time and effort related to HITRUST certification assessments. In addition, ClearDATA Inheritance customers can quickly determine which controls are inheritable, validate the applicability of each requirement to their scoped assessment, and submit the requests through the HITRUST MyCSF® platform. Furthermore, streamlined Inheritance workflows also minimize the level of effort involving 1.) orchestrating the collection of information regarding control performance, 2.) distributing offline third-party attestation reports, and 3.) testing requirements during the assessment.
The direct costs associated with the HITRUST certification are certainly an investment, and one worth making, just as ClearDATA has done since 2014. Altogether, ClearDATA’s Inheritance program can save your organization time, resources, and costs associated with meeting numerous control requirements.
Staying Ahead of the Compliance Curve
Third-party dependencies and risk are material challenges and, in some cases, inhibitors to business growth. For example, the proliferation of PHI and other sensitive information in the cloud has resulted in organizations, in certain instances, deciding between reducing and maintaining tolerable risk or leveraging emerging technologies that could catalyze the growth of new products and services. How organizations sustain this delicate balancing act subsequently impacts deal velocity, market access to new verticals, and partnering with industry leaders within healthcare.
As more organizations impose additional security and privacy requirements on their customers and business partners, the ability to present third-party assurances from an independent and qualified assessor is increasingly becoming table stakes. Whereas it previously served only as a luxury. Many covered entities, like payers and providers, require a minimum set of demonstrable standards or a third-party attestation of an organization’s security and privacy practices. Typically, by an independent auditor or assessor. That is where ClearDATA and its history of maintaining the HITRUST certification comes in. As a trusted cloud partner, ClearDATA provides not only cloud management and managed defense, but also products and services that customers can leverage with the confidence that their IT infrastructure and data are protected by a leader in the healthcare cloud, security, and compliance space.
Protected by ClearDATA
ClearDATA works with healthcare organizations to ensure they demonstrate the highest security and compliance posture. Whether your team is looking to take advantage of the HITRUST Inheritance program or just ensuring your organization is collaborating with a partner with a history of protecting healthcare data in the public cloud, ClearDATA can help your organization elevate your competencies above the competition with reduced time, cost, and level of effort.
