Access Healthcare achieves HITRUST CSF Certification status for its information security controls. HITRUST provides three levels of assurance: self-assessment, CSF validation, and CSF certification. The Model assesses each security control against 5 parameters – Policies, Procedures, Implemented, Measured, and Managed - that enable the organization to maintain a consistent and incremental approach to manage compliance. Through the implementation of HITRUST CSF Security Controls, it is evident that security and protection of customer’s data are on the top of Access Healthcare’s priorities and is imbibed into our culture of service excellence.
The journey of HITRUST certification began 14 months ago, triggering 19 domains with 487 controls, implementing state of the art security solutions like LEM (Log and Event Management), SIEM (Security Information and Event Management), PAM (Privileged Access Management), HIPAA compliance SFTP, file integrity management, file-server encryption and compliance tools. The assessment was performed by one of the largest professional services firm, based on the quality assurance framework that ensured our scores are consistent, and the recommendations helped us to fine-tune the implementation of the security controls. This certified status demonstrates our compliance towards,
systems including desktops and laptops, and
infrastructure including file servers, network devices, active directory, application servers, database application and server, and FTPS (File Transfer Protocol Secured) server
This certification is effective from February 25, 2019, and the program ensures compliant against the myriad of healthcare regulations, industry standards, and business requirements. In addition to the HITRUST CSF certification, Access Healthcare has both ISO 9001:2015 and ISO 27001:2013 certifications, SOC 2 Type 2 audited, and are fully compliant with HIPAA standards.
About HITRUST CSF Certification
The foundation of all HITRUST® programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Developed in collaboration with information security professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.