HIPAA? HITRUST? One you have to follow (or else), the other it may be time to pursue.
In this podcast, Justin Beals, CEO & Co-Founder of Strike Graph, provides a primer on HITRUST and what companies thinking about pursuing certification need to consider.
HIPAA, he explains, is a legal requirement providing rules for how healthcare data must be handled, and penalties for when it is mishandled. HITRUST is not a legal requirement but a standard. An organization can get assessed against it and even certified.
Why should you pursue it? There are many reasons, but likely the most compelling is that healthcare providers require HITRUST certification from their vendors. With approximately 70% of data breaches traceable to third parties, organizations are demanding that their suppliers take strong steps to ensure the security of their systems.
Pursuing HITRUST certification can be a long process, Justin explains. As a result, one key to success is starting early and avoiding the temptation to go too fast. It’s not supposed to be fast and easy. Plus, it requires the collection of significant data.
A second key to success: recognizing that this represents a culture change. Attitudes toward security will likely need to evolve, and data protection is now more important than ever, bringing with it a host of changes that need to be implemented.
A concerted communications and education effort will be needed to achieve success. With so many breaches beginning with human errors, the workforce has to know what to watch out for, what to avoid, and why cybersecurity must be taken so much more seriously.
Listen in to learn more about HITRUST and the challenges and rewards in implementing it in your organization.