What is HITRUST CSF and Why Does It Matter?
Implementing cybersecurity protocols remains a priority throughout the healthcare industry — and a challenge.
In late September 2020, Universal Health Services (UHS) was the target of a largescale malware cyberattack, causing nationwide network outages. As a result, medical staff lost access to computer systems, data, internet, and phones. Amid the mayhem, some staffers even shared real-time updates of the attack on Reddit.
Shortly after, USH officials acknowledged that the attack impacted each of its US sites — which equates to more than 400 health care facilities — but the company’s electronic medical record (EMR) was not directly compromised. Still, for three weeks, USH staff had to rely on offline documentation procedures.
A World of Threats: Why a HITRUST CSF Certification Matters
No doubt, this raises a lot of questions regarding the health care system’s cybersecurity safeguards and policies.
Unfortunately, cyberattacks and data breaches are prevalent in the healthcare industry. Their facilities have a high volume and variety of devices, which adds to the difficulty of comprehensive cybersecurity.
The frequency and severity of each attack only seems to increase with time. To counter this, any company that handles private health information (PHI) needs to consider implementing the HITRUST Common Security Framework (CSF).
Not Required, but a Big Way to Prove Security
The government doesn’t require health care companies to obtain a HITRUST CSF certification — but that doesn’t mean it’s not worthwhile.
First of all, the HITRUST framework helps companies address security regulations that are federally mandated, such as HIPAA. While HIPAA holds health care companies to a certain security standard, it doesn’t necessarily provide clear insight into the “how.” That’s where HITRUST comes into play, as companies can leverage specific, detailed guidelines to set and develop their security measures.
Secondly, data security is an everchanging beast. To account for this, the HITRUST CSF is regularly updated to ensure companies remain on top of the latest security best practices and safeguards.
Third, as evidenced by the USH’s recent network outage, cyberattacks aren’t going away — and they’re quite costly. According to IBM’s 2019 Cost of a Data Breach Report, the average total cost of a data breach in the U.S. healthcare industry was $15.0 million — compared to $8.2 million across all industries. So, the investment in cybersecurity is worth it. On top of that, did you know the average data breach takes 280 days to identify and contain? Protecting PHI can only happen if you’re proactive — not reactive. It doesn’t matter if you’re a health care company or a related business associate.
That’s why Sepire is certified by HITRUST. It’s a rigorous and lengthy application process, but it’s practically a necessity in the digital age.
Secure, Personalized Mailing Solutions by Sepire
Sepire has all the foundational capabilities to deliver secure, high-volume print and mail solutions. We operate from a fully secured, first-class facility with file backup, overflow and recovery provided by Ricoh.
CompliChain is our state-of-the-art proprietary technology platform that provides a robust integration to receive and handle all data in a highly secure manner. CompliChain maps directly to the Ricoh Process Director CMM software platform. It also allows our clients to have end-to-end visibility into processes and track, even manage, projects in real time.
Sepire’s security protocols, proprietary technology workflow and WBENC certification provide a true differentiator in the marketplace – and they provide you with a vendor that place your and your customers’ best interests as a top priority. As an expert in the healthcare direct mail space, Sepire carries all the required certifications you need from your vendors—and a few others that set us apart.
Contact us to learn how our proprietary technology workflow safeguards your customers’ data.