HITRUST Risk-Based 2-Year (r2) Certification is the United States equivalent to the European General Data Protection Regulation (GDPR) and is a systematic approach for managing data privacy and security above and beyond what HIPAA requires. This evaluation harmonizes multiple standards and more than 40 authoritative sources while providing prescriptive and granular control requirements and leveraging a common assurance methodology across all HITRUST Assessments. The HITRUST evaluation process involves engaging an independent HITRUST-Authorized, External Assessor to verify an organization has met all the industry-defined certification requirements relating to the security and privacy of sensitive data. The importance of HITRUST certification is further supported in “Why digital health companies should be HITRUST certified”, a compelling article by Jim Farrell for MedCity News.
Vendor risk management, data security and privacy, and quality audits are key factors to consider when choosing a digital ACP solution partner, as well as their commitment to being fully vested in doing what it takes to meet the healthcare industry’s highest data security, privacy, and compliance requirements.
ADVault is proud of the work we do. Not only to keep our partners’ patients and members at the center of care when it matters most but to ensure their sensitive data is secure. Our unique ability to pair critical security with accessibility is what allows patients and members to have control over when, how, and with whom their information is shared, as well as track who is accessing their data. If fact, every aspect of our MyDirectives Solutions platform is designed to prioritize strong cybersecurity and regulatory compliance.
Ensuring data security and privacy is a shared responsibility between healthcare technology systems and their users. It’s paramount both parties do their part as illustrated in the graphic below.
Maintaining HITRUST r2 certification is a continuous commitment and investment. Doing so requires an annual in-depth analysis and evidence-based investigation of over 256 different data privacy and protection domains with a HITRUST-Authorized External Assessor firm. Once again, ADVault has successfully completed its comprehensive cybersecurity compliance audit with KirkpatrickPrice.
The requirements imposed on companies seeking HITRUST Certification include the following:
MyDirectives Solutions, powered by ADVault Inc., continue to be the only digital advance care planning tools and interoperable, cloud-based storage platform that is certified HITRUST Risk-based r2 certified.
To learn more about the HITRUST certification process, or our regulatory compliance, data security, and privacy approach, contact one of our experts.