
April 20, 2023 in HITRUST

How HITRUST Provides Superior PHI Protection


Because of its highly personal nature, protected health information, or PHI, ranks among the most valuable and sought-after assets on the black market. A single record can bundle a Social Security number, date of birth, address, diagnosis codes and billing details, which attracts criminals for reasons that go well beyond ordinary identity theft. Unfortunately, PHI protection efforts lag across the healthcare industry.

Motivated by financial gain, these actors use stolen PHI for a range of fraud, including reselling drugs and medical equipment obtained under a victim's identity and filing fraudulent insurance claims worth millions. Stolen healthcare credentials command a premium over stolen credit card numbers, reportedly fetching up to 20 times the price on the black market, in part because a medical identity cannot simply be cancelled and reissued the way a card can.

Healthcare organizations are often slow to implement robust cybersecurity measures, which makes them prime targets. That weakness is reflected in the trend of cyberattacks against the industry, which have more than doubled over the past decade.

Here are a few alarming statistics on cybersecurity in the healthcare industry and the state of PHI protection:

  • 89% of healthcare providers have suffered a data breach in the past two years.
  • 41% of Americans have had their protected health information exposed in the last three years.
  • A data breach costs a healthcare provider an average of $6.45 million.
  • Healthcare institutions spend an average of $429 per stolen record.
  • Global losses from cybercrime were projected to reach $6 trillion by 2021.
  • Healthcare providers took an average of 197 days to identify a data breach and a further 69 days to contain it.

Clearly, it is increasingly important to ensure your practice implements the best available safeguards to protect sensitive patient health information.

HIPAA’s shortcomings that gave rise to HITRUST

HIPAA was passed more than two decades ago to protect people’s sensitive medical information, including information held in electronic form. Its Security Rule requires safeguards at the administrative, physical and technical levels, and it applies to covered entities (health plans, healthcare clearinghouses and providers that transmit health information electronically) as well as the business associates that handle PHI on their behalf. However, the law is deliberately flexible: it requires each organization to perform its own risk analysis and then select safeguards that are “reasonable and appropriate” for its size and circumstances, rather than prescribing specific controls. Many organizations have been unprepared to handle that responsibility. Without clear, concrete guidance on what would satisfy the security requirements while staying in compliance, many organizations fell short, leaving information exposed without realizing it.


HITRUST was developed to provide a framework for managing HIPAA requirements

In 2007, a group of industry leaders recognized the need for an industry-standard information security framework for healthcare. They came together to form HITRUST, a nonprofit that manages information risk, develops and maintains a security framework, and supports compliance within the healthcare industry, backed by a seasoned management team dedicated to cybersecurity education. The framework it maintains, the HITRUST CSF (Common Security Framework), is currently the most widely adopted privacy, security risk management and compliance framework in U.S. healthcare.

HITRUST certification means a billing statement provider has implemented a prescriptive set of controls that covers a broad range of regulations

The HITRUST certification gives vendors and medical billing statement providers a specific set of control requirements for meeting their security goals and staying in compliance with a range of regulations. HITRUST’s industry-managed approach creates a roadmap that vendors and statement providers can follow to manage compliance and reduce risk. The CSF harmonizes existing, globally recognized standards and regulations (including ISO/IEC 27001, NIST SP 800-53, PCI DSS and HIPAA itself) into one control set, and it tailors the required controls to the organization’s size, systems and regulatory exposure. This lets an organization satisfy several frameworks through a single assessment, saving considerable time and money while safeguarding information and maintaining compliance across the board.

“Within the HIPAA Security Rule, certain specifications are required, and others are addressable. An organization can choose not to implement addressable specifications if there is a valid business reason.”

– Joe McDermott, HITRUST technical lead with Schellman

HITRUST’s high bar for certification means you can trust certified organizations with your data

The rigor of the HITRUST approach is unmatched in the industry. Unlike a self-attestation, a HITRUST certification is issued only after an independent assessor validates the controls, and it must be maintained: the certification is time-limited and subject to interim review, so a certified vendor has to demonstrate that its security and compliance posture has not eroded. That gives partner and parent organizations evidence rather than assurances. A vendor’s HITRUST certification makes it easier to strengthen PHI protection, mitigate risk, maintain compliance and cut wasted effort. It also communicates the organization’s commitment to the privacy of patients’ sensitive medical data, building credibility and trust.

MailMyStatements proudly holds this certification and takes the protection of partner and patient information seriously. Start a conversation with us today about how our technology-driven billing and payment systems can benefit your practice.
