4medica and HITRUST

4medica is now HITRUST CSF Certified

After a rigorous, multi-step process, 4medica officially received HITRUST CSF Certification for the 4medica Big Data MPI™, 4medica’s Health Data Exchange and supporting infrastructure.
HITRUST CSF Certified status demonstrates that the 4medica has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places 4medica in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

What is HITRUST?

The HITRUST CSF is a framework designed and created to streamline regulatory compliance through a common set of security controls mapped to the various standards to enable organizations to achieve and maintain compliance.

How does HITRUST evaluate companies?

HITRUST evaluates companies using 19 domains. The domains are designed to address every aspect of a business’s security operations. Those domains are:
  • Endpoint protection
  • Transmission protection
  • Mobile device security
  • Wireless security
  • Configuration management
  • Information protection program
  • Password management
  • Vulnerability management
  • Network protection
  • Incident management
  • Data privacy and protection
  • Risk management
  • Access control
  • Audit logging and monitoring
  • Education, training, and awareness
  • Third-party assurance
  • Business continuity and disaster recovery
  • Portable media security
  • Physical and environmental security

How did 4medica get HITRUST CSF Certified?

An authorized external, third-party assessor conducted an audit of 4medica’s security architecture and operations. We then submitted the report to HITRUST and they performed their own assessment. Using two different layers of review ensures that no facet of a company’s security protocols go untested.