Giva Blog
Help Desk, Customer Service, Cloud & Security Insights, with a Side of Altruism!

What is HITRUST vs. HIPAA?


The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, outlines protection and security standards for health care data. Although it was passed twenty years ago, it is still very relevant to companies today. A newer acronym you may have heard recently is HITRUST, or the Health Information Trust Alliance. Many people are under the impression that HIPAA and HITRUST are at odds with each other, and do not understand how the two are related.

While HIPAA is an act that details standards for compliance, HITRUST is an organization that helps you achieve those standards. The major difference is that HIPAA is simply a framework of regulations, while HITRUST assists companies in achieving compliance with those regulations.

HITRUST developed and maintains the Common Security Framework (CSF), which coordinates the standards set by HIPAA with others, such as PCI, ICO, and NIST. By making the HIPAA framework compatible with alternate frameworks and guidelines, companies can be more at ease with compliance.

Many people mistakenly think that the HITRUST CSF is a new set of regulations or that HIPAA is a system, when the reverse is true. Knowing the difference between the two is crucial.

Additionally, it is important to be aware of how the two relate. HITRUST can be of service to those who are looking to use multiple service vendors while ensuring HIPAA compliance.

HIPAA compliance is critical to ensuring proper protection of data; however, it can be difficult to keep up to speed. Do the proper research to determine which programs are right for your company and will help its efficiency, compliance, and productivity.