As healthcare relies more upon telehealth
, communications tools are an increasingly important way for providers to connect with patients the way they want. Communications tools that involve the creation and exchange of ePHI, including patient-provider and team communications (voice, messaging, SMS, video and contact center) represent attack vectors to defend against a breach.
There are an astounding 25 million data breaches each year in US healthcare, a number that continues to grow by the millions. Clearly, the challenge for IT to protect patient data is tremendous, particularly as data security becomes a larger priority
for healthcare providers and for their patients.
Maintaining the protection of PHI via these communication channels despite specialized technology stacks or a Unified Communications (UCaaS) platform is a massive task for IT teams. There is also the challenge of meeting ever-changing and sometimes inconsistent security compliance requirements.
The Health Information Trust Alliance (HITRUST)
The Health Information Trust Alliance (HITRUST) was created to address these specific concerns around breaches, shifting security standards and the growing risks associated with information security in the healthcare industry.
Founded in 2007, HITRUST is a third-party nonprofit of healthcare providers, information security experts and risk management professionals that annually refines a comprehensive security framework for information risk and compliance.
HITRUST integrates and harmonizes requirements from a variety of industry standards such as HIPAA, ISO, NIST and PCI. Those diverse requirements are synthesized and then tailored to the healthcare industry based on organizational, system, and regulatory risk factors.
A Single, Comprehensive Standard for Security
This inclusive approach is purposefully structured so that providers who use the HITRUST framework can ensure a holistically aligned, comprehensive security program that complies across the board. Instead of trying to hit multiple standards at once, HITRUST aims to set the highest standard so that IT teams can rely on hitting that single standard alone.
Because HITRUST is so comprehensive, meeting their certification requirements confers meeting other security standards. For example, a UCaaS system that meets HITRUST requirements will also meet HIPAA and NIST requirements. Whereas a communications system that is focused on meeting NIST alone risks violating HIPAA compliance and may not fully meet ISO or PCI standards.
Such a security gap risks penalties during a HIPAA audit as well as a higher chance of becoming part of the millions of data breaches each year.
HITRUST Certification for UCaaS
To assist IT teams with evaluating, implementing and maintaining the security standards of their communications stack, HITRUST provides a certification for vetted technologies in the UCaaS industry.
HITRUST certification is the highest standard by which vendors can demonstrate alignment with the security and privacy requirements of HIPAA.
As a HITRUST-certified vendor, RingCentral is among the UCaaS vendors
most committed to meeting the strictest of security standards. RingCentral’s HITRUST-certified healthcare communication solution enables providers and patients to communicate easily, without compromising on security or putting patient data at risk.
Want to learn more about how HITRUST certification can help your organization? Call us at 877-328-7767 or message us here.
If you enjoyed this article you may also enjoy: