Title: Does HITRUST show HIPAA Compliance?
Topic: What’s the difference between HITRUST and HIPAA? If the organization has the HITRUST certification, does that mean it is in compliance with HIPAA?
With growing scrutiny in healthcare and a record number of breaches occurring at an alarming rate, healthcare organizations are taking preventive measures to avoid breaches and possible fines. However, healthcare organizations are often confused about what measures they need to take to protect healthcare information.
HITRUST and HIPAA are two distinct types of assessments that share the common objective of safeguarding protected health information but otherwise differ in how they are set up. HITRUST takes a risk-based approach, while HIPAA takes a compliance-based approach.
HIPAA (the Health Insurance Portability and Accountability Act) was enacted by Congress in 1996 and includes the Security Rule, which established a national set of security standards for protecting electronic protected health information (ePHI). The HIPAA Security Rule is subdivided into three types of safeguards (physical, technical, and administrative). Following the safeguards are the organizational requirements, the policies and procedures requirements, and the documentation requirements, each with its own subset of requirements. The HIPAA Security Rule was created to give healthcare organizations, from small practices to large hospitals, a way to address specific risks.