Microsoft Office 365 cloud services for the healthcare industry has been awarded the highest possible HITRUST CSF rating – achieving a maximum score of five – in a certification review of its security and privacy controls begun by Centura Health.
The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is a scalable, prescriptive and certifiable framework developed for healthcare organizations. It was designed with the target of speeding up the process of vetting organizations and reviewing multiple certification standards as part of a programme to move data to the cloud.
The CSF incorporates an assessment and certification process that simplifies the management of multiple standards – HIPAA, HITECH, PCI, COBIT, NIST and FTC – and assesses the degree of “maturity” an organization or potential Business Associate has for particular security requirements.
The HITRUST CSF was formulated based on the Program Review for Information Security Management Assistance (PRISMA) – the National Institute of Standards and Technology’s Computer Security Division’s NISTIR 7358 standard. As is the case with NISTIR 7358, an organization must demonstrate five levels of maturity for each specific security requirement under examination. By using the assessment healthcare providers can quicken the process of monitoring and selection BAs for compliance with industry regulations.
Many healthcare organizations have alreadyimplemented the HITRUST CSF including Health Care Service Corporation, Anthem Inc., Hospital Corporation of America, Highmark Inc., IMS Health, UnitedHealth Group, Blue Cross Blue Shield of Massachusetts and Centura Health. These healthcare providers and insurers use the reports produced by certified HITRUST assessors to help them make a decision on which BAAs to use and to ensure continued compliance in the cloud.
The top security rating awarded to Microsoft Office 365 was one of the main reasons why Centura choose to use the company and its cloud services to serve its 15 hospitals and 18,000 staff.
According to a statement issued by Centura Health’ Director of Data Security, Kris Kistler, “For Centura Health, it is important that our business partners are securing our information to the same standards that we adhere to,” He went on to say “We believe that the HITRUST Common Security Framework (CSF) is the most comprehensive security framework available.”
This achievement portrays that Microsoft is committed to putting in place the strict security standards required by HIPAA and other regulations and is further proof that the company is using HIPAA Security Rules as a minimum standard.
This is not the only standard the company has been awarded achieved. Microsoft was one of the first providers of cloud services to offer HIPAA-covered entities(CE) a HIPAA Business Associate Agreement (BAA), which it co-developed with the healthcare industry to ensure full adherence with industry regulations.
It was also the first provider of cloud services to meet the requirements for the world’s first international standard for cloud privacy known as ISO 27018. ISO 27018 was developed by the International Organization for Standardizationwith the intention of formulating a more uniform approach to protecting privacy for personal data stored in the cloud.
Microsoft is certainly showing that it is dedicated to protecting data and ensuring it remains private and confidential, while allowing healthcare organizations to streamline their services and improve productivity by transferring data to the cloud.