How Does HITRUST Help with HIPAA Compliance?
The HIPAA Security Rule requires healthcare organizations to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). While HIPAA states that you must safeguard ePHI, it doesn’t necessarily tell you how to do so.
HITRUST CSF provides healthcare organizations with actionable information they can use to meet HIPAA security standards.
HITRUST assessments are conducted against the CSF's control requirements, and the assessment output identifies gaps and provides remediation guidance that helps organizations address regulatory requirements and other best practices.
According to research published by HITRUST, 97% of organizations that adopt the CSF rapidly improve their overall security posture and find that posture easier to maintain.
“Evidence suggests that the more mature an organization’s information protection program, specifically their information security controls which demonstrate proficiency of operation, management, and reporting, the more likely an organization will be to continue to operate those controls in a similar manner in the future,” the report authors wrote.
“Mature organizations are less likely to suffer a breach and, should a breach occur, the more likely these organizations will be able to contain it and minimize the impact,” they added. “This is because controls that have been implemented at a high level of maturity are simply less likely to fail than controls that are implemented poorly.”
HITRUST Healthcare and eFaxes
HITRUST has made its stance on paper faxing clear. Traditional fax machines pose a risk to HIPAA compliance by design: they retain copies of sent and received pages in memory, and received faxes sit in an output tray where anyone with physical access can read them, so unauthorized access to patient information is easy. A misdialed number sends PHI to the wrong recipient, and because an analog fax travels over the phone line without encryption, its contents can be intercepted in transit.
HITRUST recommends that healthcare organizations use an electronic fax service instead, since such services can be HITRUST CSF certified.
A HITRUST-certified fax service addresses the HIPAA Security Rule safeguards for:
- Transmission security
- Data encryption
- Access controls
- Audit controls
Certification covers the provider's service, not how you deploy and use it; you remain responsible for configuring user access, retention, and logging appropriately. You must also ensure the provider will sign a business associate agreement (BAA). Without a signed BAA, the fax service is not considered HIPAA compliant and cannot be used to transmit or receive patient information on your behalf.