While data security and availability are imperative for any organization, they are especially so for those in the healthcare industry, whose access to personally identifiable information (PII) such as birthdates and social security numbers requires strong data security measures and can present security concerns and complexities as these organizations seek to move to the cloud.
Aligning with a cloud services provider that has a demonstrated commitment to ensuring the security of electronic protected health information (ePHI), and that will execute a HIPAA Business Associate Agreement, is critical for covered entities looking to take advantage of the agility and scalability cloud computing offers.
Expedient can act as a HIPAA Business Associate and provide SOC1 and SOC2 reports, alongside a HIPAA Business Associate Agreement. In fact, Expedient’s most recent SOC2 reports incorporate the criteria from the HITRUST Common Security Framework (CSF), a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
HITRUST CSF has become the most widely adopted security framework in the U.S. healthcare industry. The commitment and expertise demonstrated by HITRUST ensure that organizations leveraging the framework are prepared when new regulations and security risks are introduced.
By incorporating criteria from the HITRUST CSF, Expedient is now better positioned to communicate information about the processes and procedures we use to meet the CSF requirements, as well as other applicable trust services criteria relevant to security, availability, and confidentiality, providing new levels of visibility and transparency to covered entities evaluating Expedient’s cloud and managed services solutions.
Read our MedCom Solutions case study to find out how we helped one covered entity through a complex migration of services by providing a stable, secure IT infrastructure.