As the healthcare industry becomes more and more IT-driven, keeping our personal medical information private and secure is paramount. To this end, government bodies around the globe have established mandatory data security regulations for healthcare organizations, with severe penalties for non-compliance. Among the best-known regulations are HIPAA (Health Insurance Portability and Accountability Act) in the U.S., and the GDPR (General Data Protection Regulation), which comes into effect in the EU in May 2018 and has special provisions for personal health information.
One of the first things that healthcare organizations look for when evaluating healthcare IT solutions is robust compliance with all relevant health data protection regulations. Achieving comprehensive compliance, however, is not always easy in a fragmented global regulatory environment. In this article, we take a look at HITRUST, a healthcare industry initiative that has put forward a harmonized, scalable, and certifiable framework of data protection controls.
HITRUST (Health Information Trust Alliance) is a privately held company that was established by healthcare industry leaders to provide a harmonized, certifiable framework for all organizations that create, access, store, or exchange sensitive and/or regulated health data. The global healthcare players who stand behind HITRUST include top-tier HMOs, private payers, providers, vendors, and distributors/retailers such as Kaiser Permanente, Humana, IMS Health, Hospital Corporation of America, McKesson, and Walgreens.
The HITRUST Common Security Framework (CSF), which is already in Version 9, is a comprehensive, risk-oriented framework of data security controls based on globally recognized standards, regulations and business requirements including ISO, NIST, PCI, HIPAA, and state laws. In order to achieve maximum clarity, the CSF is carefully divided into 19 different domains such as Endpoint Protection, Mobile Device Security, Network Protection, Audit Logging & Monitoring, and Data Protection & Privacy. It provides 135 specific controls, each one with several implementation levels so that the controls can be scaled dynamically according to the type, size, complexity, and risk profile of the healthcare organization.
Like PCI in the payments industry, HITRUST compliance by healthcare vendors is voluntary, but it is quickly becoming a standard expected by covered entities such as hospitals and payers. HITRUST certification is tiered into three degrees of assurance: self-assessment, CSF Validated, and CSF Certified. The latter two require a third-party CSF assessor, with large companies such as AT&T, BDO, and the Big Four auditing firms (PwC, Deloitte, KPMG and EY) being active in this field, along with many lesser-known entities.
In addition to its cost and asset management benefits, CloudCheckr’s enterprise-grade Cloud Management Platform (CMP) helps healthcare organizations monitor, audit and maintain compliance with many underlying data security controls across their cloud infrastructure, including multi-cloud deployments. The CMP’s 500+ Best Practice Checks detect access control and other data security misconfigurations, with automated fixes that can be adapted to each organization’s hierarchy and workflow.
Many of CloudCheckr’s Best Practice Checks have a one-to-one relationship with the controls in various security standards, such as those of the Center for Internet Security (CIS). Indeed, the CIS Benchmarks are directly integrated into CloudCheckr, so enterprises can check their CIS “Score” without leaving the app, and fix issues from within the CloudCheckr console.
With ever more stringent regulatory scrutiny and with cloud-based solutions becoming the norm, the healthcare industry is embracing management platforms like CloudCheckr’s CMP as essential tools to achieve optimal business outcomes.