Although 2019 isn’t over yet, there have been at least 25 million healthcare data breaches in the U.S. this year, a startling ten million more than in 2018. These alarming numbers put patient data—even your own—at tremendous risk. This includes traditional patient-to-provider and care team communication (i.e., voice, messaging, video, faxing) that can include the creation and exchange of ePHI.
Thankfully, a solution exists to secure your patient information within these critical communication pathways, a HITRUST-certified communication system. Consider how this type of solution keeps your confidential data safe, as well as other benefits it brings to your facility.
What is a HITRUST-certified communication system?
To understand how you’ll benefit from a HITRUST-certified communication system, let’s delve first into what HITRUST certification is.
HITRUST stands for the Health Information Trust Alliance. The Alliance was founded by healthcare and IT professionals who developed a security framework to manage HIPAA security requirements. HITRUST’s goal is to meet HIPAA security rule requirements in an efficient manner.
Communication systems are comprehensive platforms that enable customers (or, in the case of the medical field, patients) to connect with organizations the way they want, using technologies such as SMS, voice, video, messaging, and contact center technologies.
What do HITRUST-certified communications solutions mean for your healthcare facility?
There are seven benefits to implementing a HITRUST-certified communications solution for your healthcare facility.
1. Increasing IT professionals’ efficiency
If you’re a small facility, you don’t have a large budget for IT issues. You most likely bring in third-party support on an ad-hoc basis. Larger healthcare organizations might have a dedicated IT staff. In either case, you don’t want to spend time or money on fixing never-ending security issues as they arise.
One of the benefits of a HITRUST-certified communications system is that it provides excellent protection against digital threats, such as IP address takeovers, anonymous proxies, and brute force attacks. As a result, IT professionals spend less time putting out security fires and more time keeping all of your systems (including communications) safe.
2. Protection from a comprehensive security framework
One of the benefits of a HITRUST-certified communications system is that HITRUST is a comprehensive security framework. It integrates and harmonizes requirements from a variety of standards, including ISO, NIST, PCI, and HIPAA. Those requirements are then tailored to the healthcare industry based on organizational, system, and regulatory risk factors.
Because HITRUST is so comprehensive, you don’t have to worry about meeting other requirements. For example, if you put a communications system in place that was NIST-certified, but it did not support your overall HIPAA compliance, you would face significant penalties for violating the latter regulations in the event of a HIPAA audit or even worse, a data breach. HITRUST, on the other hand, gives you the peace of mind that you’re covered against an array of security risks.
3. Saving time and money during audits
The benefit of saving time and money ties closely into HITRUST’s comprehensive security framework. Because HITRUST’s security framework covers so many standards, your audit process, that can include an evaluation of your UCaaS services, will be significantly smoother.
HITRUST provides a consolidated control view, so you have greater visibility into how controls overlap among multiple regulations. When audit time comes around, you’ll be able to show how you’re meeting a number of regulatory obligations at once. You only have to perform a single assessment, and you’ll be able to generate several reports that address various legislative or regulatory frameworks.
4. Provable compliance
HIPAA is one example of a regulation that doesn’t have concrete requirements for what compliance with those rules looks like. Additionally, there’s no official system to test compliance with those regulations. To combat that lack of certainty, vendors have developed their own testing methods and certifications.
However, the number of testing methods and certifications creates a muddled environment for HIPAA-covered entities. To go back to the paragraph above, there’s a big difference between how a vendor treats HIPAA Covered Entity clients as their Business Associates and the vendors who claim (without substantiation) they’re “HIPAA-compliant.” Business Associates can actually now be held liable if ePHI is compromised during a data breach, and they must sign an agreement stating that they will protect data (which can be terminated in the event of a violation). Vendors who merely claim HIPAA-compliance, on the other hand, aren’t bound by a strict agreement or any kind of penalties if ePHI is breached.
HITRUST certification is as close as it gets for how vendors demonstrate their alignment with the security and privacy requirements within the HIPAA privacy and security rule. It demonstrates that they have taken strong measures to protect ePHI within their environment on behalf of their HIPAA-covered-entity clients.
5. Customizable for your unique needs
The value of the SaaS vendor being HITRUST CSF-certified is that, whether you’re a single practice or large IDN, you receive the security value from the vendor’s certification.
HITRUST scales controls according to the type, size, and complexity of an organization. A HITRUST-certified vendor can customize it to meet your needs, rather than try to adapt to rules that have been set by someone else.
6. Taking a proactive approach to security
Another benefit of HITRUST is that it takes a proactive approach to security. HITRUST is updated annually so you don’t have to worry that you might be at risk because of a change in regulations.
A few years ago, cyber-threat intelligence was aligned to the HITRUST framework control requirements. That change means that controls will remain effective in the face of a rapidly evolving threat landscape. That’s important because there are dozens of types of cyberattacks, all of which could cost your practice time, money, and reputational damage.
7. Gaining patients’ trust
One of the most important advantages of implementing a HITRUST-certified communications system is that the certification makes you more trustworthy in the eyes of your patients. The certification is granted by a trusted, neutral third-party. From your patients’ point of view, obtaining such certification means you’ve gone the extra mile to protect their data.
We’re living in an age where patient data is at risk. healthcare providers want patients to feel at ease in their offices, not worry that their personal information could be stolen during a hack. HITRUST serves to reassure patients they’re safe.
A HITRUST-certified communication solution offers a number of benefits to medical practices. RingCentral’s HITRUST-certified healthcare communication solution enables providers and patients to communicate easily, without compromising on security or putting patient data at risk. As a HITRUST-certified vendor, RingCentral joins an elite group of global organizations that meet these standards. Learn more about how RingCentral helps healthcare providers today.
Learn more about HITRUST and HIPAA certifications
Originally published Oct 09, 2019, updated Aug 03, 2021