HITRUST vs. NIST
With the passing of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 came the need to update healthcare records onto electronic devices. Although, the adoption of these electronic health records (EHRs) primarily came later, when the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009. With the combined set of rules and regulations, being both HIPAA and HITECH compliant became a complex puzzle for healthcare organizations to piece together.
But data and data security issues weren’t going to wait. With the significant proliferation of computers, smartphones, and other electronic devices, data security and privacy regulations needed to be streamlined and enforced. Thus, frameworks for data security and security compliance were created.
NIST and HITRUST are both frameworks that help healthcare organizations stay HIPAA compliant to avoid penalties for data security breaches. Though the question then becomes: which framework should be used, and are the two compatible? To explore these questions and more, read ahead.