HITRUST Goes Global
When first launched, the HITRUST Cybersecurity Framework (HITRUST CSF) aimed to provide evidence to regulating bodies that healthcare industry businesses were adhering to the mandates listed in HIPAA. This year, HITRUST has added a number of global regulations to better protect healthcare businesses from running afoul of regulations.
In January, HITRUST integrated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST CSF and was working toward the creation of a single framework and assessment covering all regulatory requirements.
Many countries have introduced new data privacy and security regulations that require companies to implement new policies, procedures, and technologies to keep consumers’ and customers’ data private and confidential. Organizations that wish to conduct business globally must ensure they comply with these country-specific regulations and should conduct assessments to make sure they are fully compliant.
The penalties for violations of these regulations can be costly. GDPR violations can draw a fine of up to 4 percent of global annual turnover or 20 million euros, whichever is greater.
Along with GDPR, HITRUST has added the Personal Data Protection Act to its HITRUST CSF version 9.2 as part of its international expansion. Through its Irish subsidiaries, HITRUST has filed a formal application with the EU’s Data Protection Board and the Irish Data Protection Commission to have the HITRUST CSF officially recognized as a standard for GDPR certification, and it is working with Irish authorities regarding an application to be an accredited certification body for GDPR. HITRUST is also evaluating the process to be an Accountability Agent under the Asia-Pacific Economic Cooperation Cross Border Privacy Rules and Procedures for Processing programs.
HITRUST’s integrated programs and services offer global companies an efficient path to meet the requirements of multiple standards, from the European Union’s GDPR and the Fair Information Practice Principles to the NIST Framework for Improving Critical Infrastructure Cybersecurity in the U.S., as well as industry-specific requirements like HIPAA and the Federal Financial Institutions Examination Council.
There are a lot of regulations for organizations in the healthcare industry to follow, especially if or when they operate internationally. The HITRUST CSF makes it easy for you to stay in compliance wherever you conduct business. Join forces with 2W Tech to help protect your clients’ sensitive healthcare data. We have a Security Compliance Consulting Program that is designed to support our clients’ compliance obligations. Call us today to get started on your HITRUST journey.