360 Advanced, a leader in IT compliance and assurance services nationwide, is advising healthcare providers and their consumer data management vendors to move quickly to participate in the HITRUST CSF Assurance assessment process because the initial deadline for compliance is set for this summer.
“The HITRUST examination and assurance process can take six months or more to complete successfully, so it would be wise for healthcare providers and their related service organizations managing consumer data to schedule their HITRUST CSF assessment as soon as possible,” advises Eric Ratcliffe, Director at 360 Advanced, which provides data security compliance services to clients in more than 30 U.S. states, Europe, South and Central America and the Pacific Rim.
The Health Information Trust Alliance (HITRUST) announced the expansion of the healthcare industry’s use of the CSF Assurance program in June, 2015, in support of efforts to efficiently and effectively manage the third-party assurance process. The Alliance said at that time that healthcare organizations would begin requiring their business associates within the healthcare industry to obtain HITRUST CSF Certification within the following 24 months.
A growing number of healthcare organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will now be requiring their business associates to obtain HITRUST CSF Certification as a means of demonstrating effective security and privacy practices aligned with the requirements of the health industry, according to HITRUST.
A HITRUST spokesman told 360 Advanced that the major healthcare organizations are phasing in the requirement for certification, with some enforcing the summer deadline requirement more aggressively than others.