EisnerAmper worked with the client to de-identify the PHI data elements to the point where the client could remove the requirement for HITRUST compliance.

A small startup company could not afford the cost of HITRUST compliance. This was deemed to be acceptable to their client’s requirements. A national health care organization accepted a SOC 2 Plus HITRUST.

Can you provide a brief example of hypothetical companies and why they may choose one or the other compliance option?

Other frameworks and standards used are ISO 27001, NIST, SOC 2. HITRUST was designed to include HIPAA compliance as an option and is the most designed for health care. Most frameworks are designed for specific industries.

What are some of the factors (pro or con) that companies should consider when selecting a compliance framework?

A SOC 2 has been used by health care companies to demonstrate health care compliance to its customers. Review the data elements in scope that triggered the HITRUST requirement and remove the triggering factors that require HITRUST. EisnerAmper is a certified HITRUST assessor. A normal SOC 2 audit with the 75 required HITRUST controls needed for certification.

What are the alternatives to HITRUST?

Below is a list of options that we have negotiated for clients as an alternative to HITRUST. While HITRUST is the “Gold Standard” for health care compliance it’s usually not the only or best way to achieve compliance. Sitting down with a health care compliance expert will help determine the best compliance strategy for meeting HITRUST compliance.