Healthcare Organizations Require HITRUST CSF Certification

Healthcare organizations such as Anthem, Health Care Services Corp., Highmark, and UnitedHealth Group now require that all third-party suppliers with access to healthcare data obtain CSF Certification within 24 months to demonstrate effective security and privacy practices. HITRUST estimates that an additional 7,500 organizations that do not currently have CSF Certification will be impacted by these requirements.

Cyber threats in healthcare frequently target third-party suppliers, known as business associates. Covered entities are required to monitor and vet all their business associates, but the complexities and costs associated with the security review process create a significant burden for both covered entities and suppliers. The CSF Assurance program provides a unified approach to third-party assurance that minimizes duplicity and reduces risk.

In February 2015, PDHI’s ConXus Platform earned HITRUST Certified status, which enables it to be part of this common assessment process.