Phoenix, Ariz. (Sept. 4, 2014) — ClearDATA Networks, Inc., the leading healthcare cloud data computing platform and service provider, today announced that it has successfully achieved Common Security Framework (CSF) Certified status from the Health Information Trust Alliance (HITRUST). This independent, third-party certification assures healthcare organizations that ClearDATA’s cloud computing, backup, disaster-recovery and professional services meet the highest standards for managing security risks and protecting health information.
CSF certification underscores ClearDATA’s continuing commitment to meet and exceed the global healthcare industry’s stringent data privacy and security regulations—including HIPAA, and to provide the highest level of protection against data breaches and malicious cybercrime.
“An unrelenting focus on data security including HIPAA compliance has always been the cornerstone of our business. We are pleased to formally demonstrate the depth and breadth of our compliance and best practices with this certification,” said Chris Bowen, chief privacy officer and a founder of ClearDATA. “This designation will give our clients even more confidence in our ability to manage protected health information in an IT infrastructure that aligns with the latest standards and regulations.”
HITRUST CSF is an information security framework that incorporates international, federal, state and third-party regulations and standards to establish an encompassing, first-class standard for security, privacy and compliance. Standards and regulations incorporated into the certification include HIPAA, HITECH, PCI-DSS, ISO 27001, COBIT, NIST and FTC. The framework was developed by security and compliance experts from hospitals, physician groups, pharmacies and pharmacy benefit managers, IT security vendors and consultancies, payers, and other stakeholders for applicability throughout the healthcare industry. CSF eliminates variability in the definition of acceptable security requirements.
“Gaining CSF certification further validates that ClearDATA has made protecting its clients’ sensitive healthcare information a top priority,” said Ken Vander Wal, chief compliance officer of HITRUST. “This commitment to information security is essential in an industry where evolving technologies for transmitting and hosting data are prevalent and the costs associated with a data breach can be devastating. We applaud ClearDATA’s management for ensuring that its cloud-computing platform and services meet the CSF certification requirements.”
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has received more than 95,000 HIPAA complaints since 2003 resulting in almost 2,500 corrective actions for hospitals, physician practices, outpatient facilities, health plans and pharmacies. OCR is holding healthcare organizations of all sizes accountable for HIPAA violations. A five-physician cardiac surgery practice was fined $100,000, and a 12-physician dermatology practice was hit with a $150,000 payment. On the other end of the spectrum, in May HHS’ OCR announced a $4.8 million settlement, the largest HIPAA-related settlement to date, and in April another organization agreed to pay a $1.7 million settlement because of unencrypted data on a stolen laptop.
“It’s clear that HHS will continue to take HIPAA compliance very seriously and that violations can be devastating both financially and to the reputation of an organization,” explained Darin Brannan, CEO of ClearDATA. “Because we have focused exclusively on the healthcare industry, we have always made compliance with HIPAA, HITECH, PCI and other data security requirements a top priority. For us, HITRUST CSF certification is not a one-time milestone. Offering the highest level of security and compliance is part of our culture—day in and day out.”
The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.