MERIT Solutions Blog

Understanding the Relationship Between HIPAA and HITRUST

Understanding the Relationship Between HIPAA and HITRUST

HIPAA—the Health Insurance Portability and Accountability Act—is a serious concern for all healthcare providers that operate within the United States, and for good reason! Since August 1996, HIPAA has mandated that these healthcare providers comply with various best practices. While HIPAA is relatively familiar to many people for assorted reasons, fewer know about HITRUST (the Health Information Trust Alliance) and how these acronyms ultimately cooperate with one another.

First, we would be amiss if we didn’t start with what makes them different. HIPAA and HITRUST, contrary to what you may assume, aren’t both regulatory frameworks. HIPAA very much is, but HITRUST is actually an organization that itself developed its own framework (the Common Security Framework, or CSF) that assists businesses in complying with HIPAA, as well as PCI DSS, NIST guidelines, and other regulations.

What is the Health Insurance Portability and Accountability Act?

Signed into law in August of 1996, HIPAA establishes the many requirements that healthcare organizations and their partners must adhere to, with these requirements expanded upon further by the addition of the HIPAA Omnibus Rule that better integrated the demands of the HITECH (Health Information Technology for Economic and Clinical Health) Act.

What Does the Health Information Trust Alliance Do?

HITRUST, as a coalition, works to integrate the tenets of HIPAA into its own CSF. By establishing certain requirements of businesses that align with what HIPAA mandates, the HITRUST CSF makes the portability and accountability act far more actionable.

How Do These Two Acronyms Coexist?

Building on HIPAA, the HITRUST CSF creates a standardized framework and certification process for the healthcare industry to abide by, while also integrating the demands of HIPAA with those passed down by other compliances and frameworks, as we mentioned above. In many ways, HITRUST is therefore the larger challenge to comply with.

Speaking plainly. HIPAA lays out the rules that healthcare providers, organizations, and affiliated businesses must abide by. HITECH gives them the strategies and solutions needed to do so. As a result, both are critically important considerations for any healthcare-affiliated business that wishes to avoid considerable challenges.

Do You Need Assistance in Keeping Your Business Compliant?

There is no shortage of security protocols and protections that assorted businesses in different industries must be cognizant of in order to continue their operations without being subjected to assorted fines. MERIT Solutions is here to help you and your practice see to it that you are, with all the technical parts handled for you. Find out exactly what our team can put in place for you and assist you in managing by calling (757) 420-5150 today.

Hackers Start Beef with JBS Ransomware Attack
Tip of the Week: Properly Manage Your Browser’s Sa...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, June 14 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Tim Meyers Tip of the Week: Change Your Display in Windows 10
26 August 2019
Don't change only your operating system, change your display as well with a modern sunlight readable...
Tim Meyers E-Waste: An Often-Forgotten Environmental Issue
23 August 2019
E-waste and recycling and other waste management activities have not yet been determined, but they a...
Tim Meyers How to find the ideal desk height
23 August 2019
The table where you sit should be at the right height because it is necessary to have a good positio...
Tim Meyers Self-Driving Cars: Would You Hand the Wheel Over to a Computer?
23 August 2019
Self-driving cars are just cars, so they might have sensors, but no computer brain. Still, they are ...
Tim Meyers Checking Up on Medical IT in 2019
23 August 2019
Because almost all the personal information of the patients are on computers and on a cloud storage ...