HITRUST MyCSF streamlines regulatory compliance reporting

HITRUST announced a major feature enhancement to its information risk management platform, HITRUST MyCSF, that significantly streamlines how organizations capture and present regulatory compliance evidence.

HITRUST also introduced a new, no-cost Regulatory Assistance Center to further support organizations with a HITRUST CSF® Certification as they prepare for and undergo regulatory audits.

Both the new Compliance and Reporting Pack feature for HITRUST MyCSF and the new Regulatory Assistance Center initially focus on the Health Insurance Portability and Accountability Act (HIPAA), expanding into other regulations in the future.

The Compliance and Reporting Pack collects specific information that is required to comply with HIPAA and regularly requested during audits. Within the HITRUST MyCSF platform, the information is automatically consolidated into a compliance report formatted by HIPAA control and populated with evidence and documentation that can be shared directly with investigators.

“Organizations look to HITRUST to help them manage information risk, maintain regulatory compliance, and for reporting to third parties,” said Jeremy Huval, Chief Innovation Officer, HITRUST.

“We are always listening to customers and providing more resources to further streamline these processes, and most importantly, continue to help our customers achieve their information risk management and compliance objectives as efficiently and effectively as possible.”

More than 80 percent of U.S. hospitals, 85 percent of U.S. health insurers, and many other covered entities and business associates leverage the HITRUST Approach to aid their HIPAA compliance initiatives.

As the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) pursues its responsibility of enforcing HIPAA Rules, OCR investigations include requests for specific documents and evidence of compliance.

“Having supported numerous organizations leveraging their HITRUST CSF Certification for use in OCR investigations, HITRUST’s new HIPAA compliance reporting feature will significantly reduce the effort and burden in responding to HIPAA-related inquires,” said Robert J. Hudock, Partner, King & Spalding LLP.

“The report output can be given directly to investigators in a format that is clear and easy to understand.”

The HITRUST Compliance and Reporting Pack for HIPAA will be available to all HITRUST MyCSF subscribers, effective March 2021.

The new HITRUST Regulatory Assistance Center (the “Center”) will aid organizations that have a HITRUST CSF Certification and are preparing for or undergoing a regulatory audit.

This no-cost assistance includes guidance on how a HITRUST CSF Assessment Report can and should be leveraged to demonstrate compliance, including how specific requirements are met or how best to respond to requests.

Although HITRUST regularly responds to inquiries, the Center is a centralized resource that is focused on providing up-to-date assistance and communication to HITRUST CSF Certified organizations and their advisors.

The Center is staffed with security and privacy professionals, attorneys, and other experts familiar with the HITRUST CSF, HITRUST CSF Assurance Program, and HIPAA regulations. Organizations with a current HITRUST CSF Certification can start engaging with the HITRUST Regulatory Assistance Center today.

“We’re delighted to see continued innovation from HITRUST which not only helps us regarding HIPAA compliance, but improves our internal processes for implementing and providing security assurances,” said Devin Shirley, Chief Information Security Officer, Arkansas Blue Cross and Blue Shield.

“HITRUST helps us demonstrate that we have the highest standards for managing risk, improving security, and achieving compliance requirements.”