To Manage Risk, Improve Security Posture and Meet Compliance Requirements
Denver-based CORHIO (@CORHIO) and Phoenix-based Health Current (@AZHealthCurrent), both health information exchanges (HIEs) that operate independently under the regional organization Contexture (@ContextureHIT), recently earned separate Certified statuses for information security by HITRUST. Together, CORHIO and Health Current serve 1,800 healthcare organizations across Colorado and Arizona.
The HITRUST CSF Certified status demonstrates that both organizations’ information systems and technical processes met key regulations and industry-defined requirements and are appropriately managing risk to prevent security breaches. The rigorous certification process involves 19 assessment domains, including third-party management, password management, access control and physical security. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Common Security Framework (CSF) helps organizations address security and privacy challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Melissa Kotrys, CEO of Contexture, notes that earning the HITRUST CSF status is a significant achievement for both CORHIO and Health Current. The efforts required years of work from the organizations’ respective IT teams and staff.
“HITRUST is not just a privacy and security program, it’s an organizational program,” Kotrys says. “All employees from CORHIO and Health Current were involved in the process of ensuring they meet complex compliance and privacy requirements that are critical to ensuring the security and integrity of the HIEs. This achievement puts CORHIO and Health Current among an elite group worldwide and helps both organizations build trust with their business partners.”
Morgan Honea, Executive Vice President of Contexture, concurs that HITRUST’s comprehensive requirements represent the “gold standard” for regulation compliance.
“We are pleased to demonstrate to our customers the highest standards for protecting sensitive data and information by achieving HITRUST CSF Certification,” Honea says. He adds that retaining the HITRUST certification is an ongoing process and that will require a perpetual effort from both CORHIO and Health Current. “In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges in privacy and security.”
Bimal Sheth, Vice President of Assurance Services for HITRUST, says the HITRUST CSF Assurance Program is the most rigorous available, consisting of a multitude of quality assurance checks, both automated and manual.
“The fact that CORHIO and Health Current have achieved HITRUST CSF Certification attests to the high quality of their information risk management and compliance programs,” Sheth says.
The HITRUST CSF Certification status will be subject to high-level review over the next two years and the organizations will need to complete the comprehensive assessments again in 2023.
Contexture is a nonprofit, regional organization that provides strategic, technical and administrative support to communities committed to advancing health through information sharing. As the umbrella organization of CORHIO, a health information exchange in Colorado and Health Current, the Arizona health information exchange, Contexture is the largest health information organization in the Western region. Established in 2021, its mission is to advance individual and community health and wellness through the delivery of actionable information and analysis.