What is HITRUST vs. HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA), which Congress passed in 1996, outlines protection and security standards for health care data. Although it was passed twenty years ago, it is still very much relevant to companies today. A newer name you may have heard recently is HITRUST®. Many are under the impression that HIPAA and HITRUST are at odds with each other and fail to understand how the two are related.


What is HIPAA HITRUST certification?

While HIPAA is an act that details standards for compliance, HITRUST is an organization that helps you achieve those standards. The major difference is that HIPAA is simply a set of regulations, while HITRUST assists companies with achieving compliance with those regulations.

HITRUST developed and maintains the CSF, which coordinates the standards set by HIPAA with others, such as PCI, ICO, and NIST. By making HIPAA compatible with other frameworks and guidelines, the CSF lets companies be more at ease with compliance.

Many people mistakenly think that HITRUST CSF® is a new set of regulations or that HIPAA is a system, when in fact the reverse is true. Knowing the difference between the two is crucial.

Additionally, it is important to be aware of how the two relate. HITRUST can be of service to those who are looking to use multiple service vendors while ensuring HIPAA compliance.

Is the HITRUST certification cost worth it?

HIPAA compliance is critical to ensuring proper protection of data; however, it can be difficult to keep up to speed. Do the proper research to determine which programs are right for your company and will help its efficiency, compliance, and productivity.