Last week Reltio announced HITRUST CSF Certification in a press release. While this wasn’t exactly headline news it was significant for our customers and partners, present and future in the Healthcare and Life Sciences Industries (HCLS).
The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. In the same week John Houston, VP of security and privacy and associate counsel, at the University of Pittsburgh Medical Center (UPMC ) sounded an alarm in an article “UPMC Security Chief Sounds Warns Many Cloud Computing Vendors Lack Ability to Appropriately Secure Health Data” in which he calls upon cloud providers to be more transparent about their security offerings and to support standards such as HITRUST.
Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.
By continuing to improve and update the CSF, the HITRUST CSF has become the most widely-adopted security framework in the U.S. healthcare industry. This commitment and expertise demonstrated by HITRUST ensures that healthcare organizations leveraging the framework are prepared when new regulations and security risks are introduced.
Fundamental to HITRUST’s mission is the availability of the HITRUST CSF that provides the needed structure, clarity, functionality and cross-references to authoritative sources. The initial development of the CSF leveraged nationally and internationally accepted standards including ISO, NIST, PCI, HIPAA, and COBIT to ensure a comprehensive set of baseline security controls. The CSF normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance with these requirements that apply to healthcare organizations.
Typically HITRUST has traditionally only been applied for, and awarded to Healthcare specific companies, whose sole focus is that industry and the handling of HIPAA and other patient-level compliant grade data. A search of HITRUST certification for legacy and cloud-based data management platforms yields no qualifying companies prior to Reltio.
Although Reltio is a horizontal Modern Data Management Platform as a Service, that is multi-tenant and industry agnostic, we have a significant number of HCLS companies who rely on us to manage and provide business facing application-level access to sensitive data. Over the last year, we have invested a tremendous amount in resources and cost to ensure that our platform compliance meets both industry and geographic-specific regulatory and compliance requirements. We anticipated the need for companies to want to use Reltio for data (e.g. Patient data) under HIPAA compliance, and were determined to go through the rigor and challenges to achieve full HITRUST CSF certification.
In conjunction we also appointed Peter Bierfeldt as Chief Information Security Officer (CISO), to lead customer security, privacy, validation and compliance efforts at Reltio. Peter has more than 20 years of industry experience, including leading complex, large enterprise IT programs and projects. He also has over 10 years of experience in the pharmaceutical industry, and has managed the global delivery of a multi-million-dollar IT program for a top 10 pharmaceutical organization.
With HITRUST CSF added to Reltio’s SOC type compliance, the growing roster of HCLS companies using Reltio Cloud can now confidently extend to sensitive data beyond what they were able to manage with other tools that are unable to provide this level of support.