Healthcare organizations not only have to be HIPAA and HITECH compliant, but they also have to ensure that their business associates are compliant as well. This makes sense: if electronic health records (EHRs) are being passed from one healthcare organization to another company, the information is still private and needs to be secured. To ensure this is the case, many organizations are requiring business associates to adopt HITRUST’s data and data security framework, while implementing it internally themselves.
The degree to which these business associates are mandated to adopt the HITRUST security framework depends on the healthcare organization. However, leveraging the framework to some degree will significantly protect both the healthcare organization and the associate in the case of an audit.
To understand why organizations are leveraging the HITRUST framework and how it can help, read on.