Protecting patient data and securing healthcare information has never been more important for medical providers. The volume of hacking attempts directed at healthcare organizations is increasing each year, and they are growing increasingly more sophisticated.
Regulatory changes are also making data leaks more costly to providers. In the past, larger healthcare groups could offload the blame, and thereby the consequences, to third-party providers. But CMS has tightened the rules and is now holding hospitals and medical providers liable for security breaches that originated with outside providers.
To proactively address these challenges, the IT and security experts at Digirad decided to overhaul the security and data protocols to better protect our customers and patient data. After a years-long, focused effort, Digirad has earned HITRUST certification and now brings this level of security to our customers and partners.
HITRUST: The Gold Standard for Protecting Medical Data
The Health Information Trust Alliance (HITRUST) is a non-profit organization created to unify the myriad of protocols, standards, and frameworks within healthcare that address Protected Health Information.
HITRUST developed and manages the Common Security Framework (CSF), which combines a number of different security standards into a single, comprehensive framework.
The HITRUST CSF is considered the Gold Standard within healthcare because of the depth and scope covered in order to earn the certification.
By incorporating federal regulations, state laws, HIPAA requirements, PCI, and many other requirements into a single framework, HITRUST has been established as the premier way to protect patient data.
HITRUST is also unique because it was created to certify a process, not an individual or a piece of equipment. Unlike other standards, HITRUST focuses on how data is handled at all stages to ensure that PHI remains secure.
How Digirad Earned HITRUST Certification
The effort to earn HITRUST certification began with a baseline assessment of Digirad IT practices and resulted in a complete overhaul of the Digirad IT infrastructure.
While the organization was already addressing most of the requirements with existing protocols, the IT team, led by Vince Wheeler, Vice President of IT, and Patrick Struthers, Information Security Officer, saw an opportunity to take it to the next level.
The process to earn HITRUST certification saw Digirad move from paper-based systems to the cloud, companywide adoption of Microsoft 365 with MFA, and deep integration of Microsoft Azure technology to modernize and protect how the company handles patient data.
The culmination of the effort resulted in Digirad being awarded HITRUST certification and an entirely new approach to IT and data management with the organization.
How Does HITRUST Certification Help Digirad Customers?
The security and IT improvements resulting from earning the certification are a win for customers. To obtain the distinction, changes had to be made that will protect our customer and their patient health information every day.
Today, when the Digirad imaging team visits a facility, we provide a firewall for each device and operate off a closed loop with no direct network access. The team no longer requires network access, and we are able to provide our imaging services with little more than an internet connection. By keeping the connections separated, your facility is protected, and risk is greatly limited.
Earning HITRUST certification has also streamlined the onboarding process when the Digirad team works with new hospitals and clients. Instead of answering form after form about our protocols, we can provide our documentation, which meets, and often exceeds, the customer requirements.
Stepping Up for Security
Ultimately, earning HITRUST certification is an official way to demonstrate that Digirad is fully committed to security and protecting our customers and the PHI we are entrusted with. We care deeply about our patients and clients, and earning this distinction formalizes our approach.
Data leaks and hacked systems can cause havoc, and having a third-party vendor not prepared to meet the challenges of the market can be disastrous.
This initiative involved hundreds of hours of effort by the Digirad IT team, field staff, and leadership. We salute their effort to protect our customers and earn this distinction.