Mitigating data-related risks and achieving compliance is key for regulated industries

As a Health Information Exchange, the Chesapeake Regional Information System for our Patients (CRISP) facilitates the safe collection and transfer of data between healthcare organizations, allowing those organizations to focus on their core missions: providing high-level care to their patients.

Managing healthcare data means CRISP is regulated under HIPAA and must have someone in the role of Chief Information Security Officer (CISO). For the past several years, Hartman has filled that role, overseeing the organization’s security focus, partnering to assess and strengthen their data safety and HIPAA adherence, and developing a structure for mitigating related risks.

Due to increased pressure from regulators requiring healthcare organizations to maintain stronger data controls, CRISP and Hartman worked together to find a more systematic method for maintaining the organization’s information risk management and regulatory compliance systems. They decided that the best approach would be to acquire a security-focused certification. Becoming certified would require CRISP to complete a rigorous review process, make corrections to eliminate any gaps they discovered, and implement the stringent approach needed for monitoring, measuring and decreasing security risks.

CRISP chose the HITRUST certification, one that is intended specifically for the healthcare environment. Working with Hartman, CRISP implemented the controls, policies and processes necessary to achieve the certification. As hackers and their tools become more sophisticated, regulations will change, as will the requirements needed to maintain the HITRUST certification. CRISP and Hartman will work together, adjusting their controls and approaches to remain compliant and to continually improve their security posture relative to their risks.

“Healthcare data is extremely valuable to those who use it for the right reasons as well as those who use it for personal gain,” says Brandon Neiswender, CRISP’s Vice President and Chief Operations Officer. “Our partnership with Hartman allows us to maintain a strong focus on security, while providing services our participants rely on.”
