Originally published August 9, 2018 by Elizabeth O’Dowd at hitinfrastructure.com. 

Edited November 14, 2018 to correct the naming convention for HITRUST CSF® Certification.


ClearDATA’s expansion of its HITRUST CSF® Certification allows healthcare organizations to securely leverage major cloud service providers like Amazon, Google, and Microsoft.

August 09, 2018 – ClearDATA today announced its HealthDATA Cloud Program, HealthDATA Cloud/IAAS, HealthDATA Management and HealthDATA Security has earned Certified status for information security by HITRUST.

The expanded CSF 9.1 covers 36 privacy and security regulations including FedRAMP, NIST, ISO and the European General Data Protection Regulation (GDPR).

GDPR took effect back in May and protects the data privacy for people in the European Union and the European Economic Area. It also covers exporting data outside of the EU and EEA. The GDPR does not only apply to EU organizations, but to any organization across the world that has access to data of EU data subjects. This could include healthcare organizations collaborating with doctors or healthcare organizations overseas.

HITRUST expanded CSF Version 9.1 in preparation for GDPR in order to move forward with internationalizing HITRUST CSF.

“GDPR signals a move towards a more international standard for information privacy. With this new version, we have modified the HITRUST CSF controls to meet the requirements for a comprehensive assessment of GDPR risk posture. This is critical given that GDPR is one of the key compliance issues currently facing privacy officers worldwide,” HITRUST Associate General Counsel and Chief Privacy Officer Anne Kimbol said in a statement.

When GDPR was first announced, ClearDATA took steps to introduce new features into its managed public cloud solution to comply with GDPR.

“Because of ClearDATA’s healthcare-exclusive focus on security and compliance in the cloud, we are prepared for GDPR and can assist our customers in achieving and maintaining compliance — just as we have done with HIPAA regulations,” ClearDATA Founder and Chief Privacy and Security Officer Chris Bowen said in a statement. “We have interpreted the articles of GDPR and created a view of compliance for them in our dashboard, so customers impacted by GDPR can quickly confirm that their public cloud solutions comply.”

Now, ClearDATA is expanding its health data security to encompass Microsoft Azure, GCP, and AWS. This expanded certification gives healthcare organizations deploying health IT applications in multicloud environments on GCP, Microsoft Azure, and AWS the confidence to work among these cloud service providers.

ClearDATA last week announced its partnership with GCP to allow its healthcare customers to build and deploy digital tools in a compliant platform without needing to worry about addressing compliance needs themselves.

“ClearDATA takes the formidable duty of securing patient information. Our latest HITRUST certification is greater in scope than before because data privacy and security has now taken the global center stage,” said ClearDATA Founder and Chief Privacy and Security Officer Chris Bowen.

ClearDATA is a healthcare-specific managed cloud solution that helps healthcare organizations manage their multicloud environments.

Healthcare multicloud environments are growing as organizations are leveraging different cloud platforms for different purposes. Multicloud uses different cloud service models or providers for data because different clouds are better suited for different tasks.

Organizations can choose to host applications in the cloud based on predetermined criteria. Different applications may have certain security requirements. These requirements can include how often the application is accessed, how frequently the application is backed up, or how long the data retention period is.

As healthcare organizations continue to adopt digital tools they need to look at security as a big picture challenge. Remote monitoring and telehealth programs call for connections from outside the healthcare facility. Many remote clinicians and patients are using applications hosted in multicloud environments, and those applications and connections need to be protected in a compliant manner.

Remote collaboration with specialists is also a reality in healthcare with improved signal and video quality. Expanding HITRUST to cover international connections is a step toward more collaborative care.

ClearDATA’s HITRUST expansion for AWS, GCP, and Microsoft Azure gives healthcare organizations secure access to tools and services developed and hosted by these major vendors. Organizations can also move applications from one CSP to another in their multicloud environment with confidence that they will remain secure.