Catalyze Banks on HITRUST CSF Inheritance Program to Make Security Validations Easier for Customers

Share Article

Catalyze can now willfully extend its HITRUST assessments to customers through the program, reducing costs and required security testing.

HIPAA Compliant Computing for Healthcare

Companies like Catalyze can leverage the Inheritance Program to provide even greater value to their customers that are tasked with protecting patient information.”

Catalyze, the compliant cloud infrastructure for healthcare IT development teams, today became one of the first Health Information Trust Alliance (HITRUST) Certified business associates to participate in the HITRUST CSF Inheritance Program. HITRUST Alliance developed the CSF Inheritance Program and announced its availability in July 2016. The program enables participating service providers that have previously completed the HITRUST CSF certification process to allow their customers who are undergoing a HITRUST CSF Assessment to inherit one or more controls from their certified assessment. This reduces the number of controls their customers should need to test as part of their validation process thereby saving them time and money.

This extension of security controls comes at a critical time for the healthcare industry. Last June, five of the largest healthcare organizations made HITRUST CSF Certification a future requirement for all business associates. However, a KPMG HITRUST preparedness industry survey conducted in August and announced in an October 2016 press release stated, “Two-thirds of business associates are not fully prepared to meet the growing marketplace demands regarding controls for protecting healthcare information, such as patient records.” The survey further indicated that 47 percent of the 600 respondents didn’t have the “right staff with the right level of skills to execute against the HITRUST CSF.”

For healthcare IT firms working with a HITRUST CSF Certified business associate, such as Catalyze, this concern is substantially reduced. “Our customers can now leverage security controls from our previous Validated HITRUST CSF assessments in a fully automated manner,” explained Travis Good, MD, Catalyze CEO and Chief Privacy Officer. “This program allows our customers to demonstrate security measures in place to protect their own clients’ healthcare data through the Catalyze infrastructure. The HITRUST Inheritance Program enables those demonstration efforts to happen seamlessly for our customers while reducing costs and a myriad of compliance headaches.”

There are 135 security controls within the HITRUST CSF. Organizations that undergo a HITRUST CSF Validated assessment must use an approved assessor to test each of the controls. The Inheritance Program allows organizations to take advantage of the investments their participating service provider has made in obtaining HITRUST CSF Certification by allowing them to inherit approved controls and not requiring them to be retested. “This is consistent with and supports HITRUST’s objective to reduce redundancy and streamline the compliance process. Why should multiple organizations pay a third party to test the same control requirement?” said Michael Frederick, HITRUST Vice President of Operations. “Companies like Catalyze can leverage the Inheritance Program to provide even greater value to their customers that are tasked with protecting patient information.”

Obtain more information today by downloading the free guide: What is HITRUST? The guide details the Catalyze journey to HITRUST CSF Certification, explains why HITRUST matters, the structure of the HITRUST framework, associated costs of certification and more.

About Catalyze, Inc.

Catalyze provides an innovative HIPAA compliant, HITRUST CSF Certified platform with a complete set of modules to handle, store and transmit PHI securely in the cloud. Scalable, HIPAA compliant and interoperable infrastructure is powering the future of healthcare, so Catalyze has built the platform upon which development teams can hasten healthcare innovation without the need to become an overnight expert in compliance or integration. For more information, please visit http://www.catalyze.io.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Marcia Noyes, Communications Director
@catalyzeio
Follow >
Visit website