06 Oct Are Certifications Like HITRUST CSF Important?
Yes, they are! Maintaining multiple certifications ensures that the service provider you choose engages in a process of continuous improvement and addresses any gaps in its security programs. Complex compliance requirements and growing security concerns make achieving a gold-standard certification like HITRUST CSF an essential component of any service provider’s security program. At DATAMATX, protecting our clients’ data is always a top priority. Our continued successful completion of SOC 2 Type 2 and HITRUST CSF, along with our compliance with FISMA NIST 800-53 and PCI-DSS, allows you to have complete trust that your data is always appropriately and effectively safeguarded within our facility.
That is why we are proud to announce that three DATAMATX facilities in Atlanta, Georgia; Ashland, Virginia; and Phoenix, Arizona have successfully passed the HITRUST Interim Assessment to retain our full HITRUST CSF certification. Part of the HITRUST CSF certification process includes the interim assessment, which is a review that takes place exactly one year after the initial HITRUST Validated Assessment. DATAMATX earned HITRUST CSF Certified status on September 30, 2021, demonstrating that we successfully met key regulations and industry-defined requirements and are appropriately managing risk.
The HITRUST Interim Assessment reviews policies, procedures, systems design, personnel and inventory to determine whether significant changes to an organization have occurred. If significant changes have taken place, HITRUST requires a full re-assessment. If no significant changes have taken place, organizations are eligible to be re-certified without re-assessment. On September 27, 2022, based on the work performed by an authorized external assessor, HITRUST concluded there were no material changes to the control environment and DATAMATX is meeting the requirements of v9.2 Risk-based, 2-year (r2) certification.
HITRUST CSF is the information protection framework for addressing rigorous security standards, as well as providing a certifiable framework that includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements—including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT and GDPR. It leverages federal and state regulations, industry standards and frameworks, and a focus on risk management to create a comprehensive standard. The framework was originally developed for the healthcare industry, but now has applicability in financial services, travel and hospitality, media and entertainment and telecommunications.
The HITRUST CSF is one of the most highly respected certification programs when it comes to protecting PHI and underscores DATAMATX’s commitment to our many healthcare and insurance clients that we maintain the strongest security infrastructure for ensuring the integrity and confidentiality of our customers’ data.