HITRUST is a standardized methodology and framework to effectively and consistently measure compliance and risk. Our assessment has over 600 controls spanning a multitude of areas including the way we collect information, our testing procedures, and how we address federal, state, and industry requirements.
It’s a comprehensive approach to regulatory compliance and risk management, normalizing over 20 of the most common security and privacy standards, including PCI, ISO 27001, HIPAA, NIST and COBIT.
We think it’s cool because it captures our Security First approach. We were the first cloud contact center to be HITRUST certified, and we support many healthcare organizations and financial institutions today.
HITRUST – And Why It Matters
HITRUST was established to maintain a security framework that ensures confidentiality of sensitive medical information in a way that is applicable to, and utilized by, both covered entities and business associates.
HITRUST developed its CSF certification to bring together many compliance frameworks, including HIPAA, PCI, ISO and NIST, among others.
For financial providers, HITRUST certification means that the organization in question (including its products) has already undergone rigorous scrutiny and is a verified-secure partner whose technology an organization could leverage for its digital transformation without fear, hesitation or time spent on an additional internal review.
Are Your Technology Suppliers and Partners HITRUST Certified?
IBM’s 2018 “Cost of a Data Breach” study reports the global average cost of a single data breach is up 6.4% from 2017 to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8% to $148. Organizations that experience a data breach oftentimes lose a significant amount of their customers as a result. Providing comprehensive data protection to consumers to proactively safeguard against a breach can help your organization reduce the degree of abnormal churn while improving customer trust in the guardianship of their personal information.
While most organizations want to be prepared in the event of a data breach, many spend a disproportionate amount of time and resources in response to an incident that has already taken place rather than proactively safeguarding the company and its consumers.