Microsoft Azure is one of the first cloud platforms to be named a HITRUST-certified provider of cloud computing services for the health care industry.
HITRUST, the Health Information Trust Alliance, is a group founded in 2007 to focus on information security in the health care industry. To that end, the group has established a comprehensive risk management framework used by 84% of hospitals and health care organizations to help protect data and to assure compliance with a variety of regulatory requirements.
In order to achieve HITRUST accreditation, Azure had to prove regulatory compliance with diverse legislative, security and privacy requirements including HIPAA, PCI, ISO 27001, and MARS-E. Azure also must maintain compliance with industry best practices.
Ken Vander Wal, Chief Compliance Officer for HITRUST, said, “HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive health information is accessed or stored in a cloud environment. By taking the steps necessary to obtain HITRUST CSF Certified status, Microsoft Azure is distinguished as an organization that people can count on to keep their information safe.”
Microsoft sees the achievement of HITRUST certification as an important part of empowering large organizations to migrate operations to the cloud. As stated on the Microsoft blog, it is important to allow large industries to choose cloud computing by helping to remove regulatory and other obstacles to cloud adoption. Ensuring that Azure achieves, and maintains HITRUST certification means that health care organizations have the option to migrate to the cloud using the Azure platform, while assuring compliance with regulatory, privacy and security requirements for health care data.
Microsoft Azure adds the HITRUST certification to its existing certifications for the health care industry, including HIPAA/HiTech and MARS-E, achieved independently of the HITRUST accreditation.
Last September HITRUST became the first health care organization to share cyber threat indicators with the Department of Homeland Security, through the DHS Automated Indicator Sharing program. HITRUST fully integrated their Cyber Threat XChange (CTX) with the DHS program, allowing the two groups to share information regarding cyber threats with each other, and with participating health care providers.
Additionally, HITRUST launched the CyberAid program, offering security assistance and information exchange to smaller health care providers and organizations.