What is HITRUST Compliance?

HITRUST (originally the Health Information Trust Alliance) is the organization that publishes the HITRUST CSF, a certifiable security and privacy framework used by organizations that create, store, or transmit protected health information (PHI), including online stores that sell healthcare products or services. Meeting the framework's requirements helps those businesses demonstrate that they comply with the rules governing access to and protection of patient data. Compliance is only one benefit: an online store that follows a strong, well-defined control framework also keeps customer information safe and private, which matters to customers whether or not a regulator is watching.

How is HITRUST different from HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law, with implementing rules such as the Privacy Rule and Security Rule, that governs how covered entities and their business associates protect patient data. Failure to comply can lead to civil and criminal penalties as well as lawsuits.

HITRUST is an organized attempt to standardize how companies secure PHI: the HITRUST CSF pulls requirements from HIPAA, PCI DSS, ISO 27001, NIST and other standards into a single set of controls that can be assessed and certified. Using it helps an online store build toward HIPAA and PCI DSS compliance, because the controls it prescribes safeguard the sensitive personal and payment data collected throughout the purchase cycle. One caveat: a HITRUST certification is strong evidence of a mature control environment, but it does not by itself replace a PCI DSS assessment or discharge HIPAA's legal obligations.

Who needs to follow the HITRUST framework?

No law requires the HITRUST framework; HIPAA is the legal obligation, and HITRUST is one way to meet it. In practice, however, many healthcare organizations contractually require HITRUST certification from vendors and partners that handle PHI, and if your online store handles PHI there isn't a more widely adopted or better-tested control set to follow as you work toward HIPAA compliance.

Many of the controls HITRUST asks for may already be in place because you implemented them for PCI DSS compliance, since the goal of both is to protect the sensitive information your online store collects about its customers. Even so, a HITRUST assessment will usually surface gaps that PCI DSS did not require you to close, such as PHI-specific access controls, risk management, and breach response, and those are precisely the areas that matter for HIPAA.

What do you need to do to be HITRUST compliant?

HITRUST compliance requires you to address a number of control areas for your online store, including:

Securing the mobile devices of employees who can access PHI or customer data
Controlling who can access which information, with least-privilege access and strong authentication (a password policy and, ideally, multi-factor authentication)
Implementing technical safeguards such as encryption of data at rest and in transit, firewalls, and anti-malware software
Maintaining security policies for managing risk and for detecting, containing, and reporting data breaches
The ability to remotely wipe data from lost or stolen employee devices

Generally, following the HITRUST framework means putting in place security measures that are crucial to your business whether or not you handle PHI. Payment and financial data are just as sensitive, which is why following a strong security framework like HITRUST makes good business sense.

How do you certify your online store as HITRUST compliant?

HITRUST certification starts with scoping the assessment to the systems that handle PHI, assessing your online store against the applicable controls, and putting any missing measures in place. When you believe the store is ready, you document your self-assessment and engage a HITRUST-authorized external assessor to validate it, testing that the controls are actually implemented and operating rather than just written down. HITRUST then reviews the validated assessment and, if all requirements are met, issues the certification. Certification is time-limited and must be maintained and renewed, so treat it as an ongoing security program rather than a one-time audit.
