Is Your Data Secure? Part 2 – HITRUST and Hosting

In the first part of our security series, we focused on the most widely recognized standard of PHI security: HIPAA compliance. In this second part, we focus on another important standard, HITRUST, and on how you can protect yourself if you are using a third-party hosting platform.

HITRUST

HITRUST is another important security standard that you should ask your technology provider about. It is a set of controls created to meet the requirements of multiple security standards such as ISO 27000 and HIPAA, so it goes beyond what HIPAA regulates and further into the IT security realm. Unfortunately, certification costs are in the mid six figures, so many businesses do not pursue it. However, a firm can get what’s called a “HITRUST Fast Assessment”, which an organization can request to evaluate a technology firm’s readiness to meet the HITRUST standard. Ask whether your technology provider has a fast assessment report. If they passed the assessment, it means they have good controls in place for HIPAA and other cyber-security threats. If they can’t provide you with a report, you might be exposed.

Hosting

If you host the software on your own servers, you are in control of the data and can ensure that the proper safeguards are put in place. But what if your vendor is hosting the software? Check whether their hosting center is a Tier 3 Certified Data Center with Multi-Factor Authentication for access, and whether they have certifications from accreditation bodies such as SSAE 18 SOC-1, ISO 27001, PCI DSS, HIPAA and HITRUST. Confirm they have administrative safeguards such as security information and event monitoring (SIEM) and incident management should an exposure be found. Make sure you are comfortable with the answers your vendor is giving you.

Moving Forward

Technology is a great way to reduce administrative burden and improve the member experience. To ensure your data is properly safeguarded, it is important to ask your prospective vendor questions about their security position. Ask to see the details of what they are claiming before committing to them. Otherwise, you could find yourself in a precarious situation with your members’ data, and your reputation, at risk.

Read “Part 1 – HIPAA Compliance” of this series

Steve Dewis

Steve Dewis is the General Manager for Momentm. He has spent the last 25 years directing technology companies, specializing in operations, strategy, change management and risk mitigation. Steve is a tribal leader who strives to build a high-performing culture and deliver exceptional value for his customers. He is a registered professional engineer and an avid swimmer and downhill skier.
