Healthcare solutions offered in the cloud are attracting unprecedented attention today due to the ongoing global pandemic and the associated need for social distancing. Microsoft has been at the forefront of empowering healthcare organizations to harness the power of the cloud.
Protecting health information and complying with health regulations are important components of any health solution in the cloud. Azure has long had a range of healthcare compliance offerings including HDS, HIPAA, MARS-E, NEN 7510, and the increasingly important HITRUST CSF, a certifiable framework that gives organizations a comprehensive and efficient approach to regulatory compliance and risk management.
Today we announce the availability of the Health Information Trust Alliance (HITRUST) Shared Responsibility Matrix for our customers. This provides clarity about roles and responsibilities when implementing solutions in Azure that meet the strict HITRUST standard for protecting sensitive health data.
In cooperation with executives from the areas of data protection, information security and risk management from the public and private sector, HITRUST develops, maintains and offers broad access to its widely adopted common framework for risk and compliance management and the associated assessment and security methods.
The HITRUST CSF provides the structure, transparency, guidance, and cross-referencing of authoritative sources that organizations around the world need to be assured of privacy compliance. When the HITRUST CSF was first developed, it drew on nationally and internationally recognized security and data protection regulations, standards and frameworks, including the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), the Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA) and Control Objectives for Information and Related Technologies (COBIT), to ensure a comprehensive set of security and privacy controls, and it continuously incorporates additional authoritative sources. The HITRUST CSF standardizes these requirements, ensures clarity and consistency and reduces the burden of compliance. The HITRUST CSF has developed into a widely adopted security and data protection framework across all industries worldwide.
The HITRUST CSF integrates and harmonizes more than 40 authoritative sources and comprises more than 2,000 controls. HITRUST certifies IT offerings based on these controls. The HITRUST CSF certification status shows that an organization is meeting critical regulations, meeting industry-defined requirements, and managing risk appropriately. If customers use only on-premises IT infrastructure, they are fully responsible for implementing the HITRUST CSF controls. Customers using a cloud service such as Azure can reduce their burden because responsibility in the cloud is shared between the customer and the cloud service provider.
The Shared Responsibility Matrix makes it easy to understand which of the many HITRUST controls that may apply to an Azure customer are the customer’s responsibility, which are shared, and which are already fully covered by Azure. For example, Domain 1 of the CSF, Information Protection Program, is largely the responsibility of the customer, as it is mainly about guidelines, training and documentation. Domain 18, Physical Security and Environmental Security, is entirely the responsibility of Azure, as all of the physical infrastructure is controlled by Microsoft. Other domains, e.g. Domain 8, Network Protection, are a shared responsibility, covering the security and configuration of network security.
“With HITRUST, companies can ensure that the highest standards of information protection are met when accessing or storing sensitive data. Microsoft’s adoption of the Shared Responsibility Matrix for Azure ensures that the necessary controls are implemented and shared responsibilities are understood and fulfilled. Microsoft is an organization you can rely on when it comes to information security.” - Becky Swain, director of standards development, HITRUST
An added benefit for Azure customers when using the Shared Responsibility Matrix is the HITRUST inheritance feature, which allows Azure customers to inherit controls from Azure’s HITRUST assessment and easily apply them to their own assessments, saving time and resources. When a customer completes their HITRUST CSF assessment, they can use the HITRUST MyCSF SaaS platform to select “Request Inheritance” for any requirements they wish to inherit from Azure. Microsoft then approves all relevant controls from the request and notifies the customer.
Another way Azure customers can accelerate their HITRUST deployment is by using the Azure HITRUST Blueprint sample. The free Azure Blueprints service enables cloud architects and information technology groups to define a repeatable set of Azure resources that implement and adhere to an organization’s standards, patterns, and requirements. The HITRUST Blueprint sample provides governance guardrails using Azure Policies that help customers assess specific HITRUST controls, and provides a core set of policies for any Azure-deployed architecture that must implement HITRUST controls.
In a new webinar, Nidhi Sanghavi, Senior Program Manager for Azure, explains the implementation of HITRUST on Azure together with Guillermo Gomez, Senior Product Marketing Manager, who demonstrates the application of an Azure Blueprint for HITRUST.
The Shared Responsibility Matrix and Azure Blueprints illustrate Azure’s leadership role in regulatory compliance. Azure offers more than 90 compliance offerings, including over 50 for global regions and countries, and more than 40 compliance offerings for the needs of key industries such as health, government, finance, education, manufacturing, and media.
Microsoft continues to lead the way in enabling healthcare organizations to harness the power of the cloud. Microsoft Cloud for Healthcare, an industry-specific end-to-end cloud solution, contains released and new capabilities for the healthcare sector that unlock the power of Microsoft 365, Azure, Dynamics 365 and Power Platform. It makes it faster and easier to deliver more efficient care and helps customers support end-to-end health data security, compliance and interoperability. Plus, it leverages the power of the Microsoft cloud to transform the healthcare journey and help:
- Enable personalized care that improves patient engagement by enabling patients to access their healthcare organization on their terms with personalized experiences.
- Empower healthcare organizations with access to tools that enable collaborative workflows.
- Enhance clinical and operational insights to predict risk and improve the quality of care.
- Reimagine healthcare with innovative new technologies like HoloLens in operating rooms so surgeons can see up-to-date information about patients and better visualize procedures.
- Protect health information and comply with health regulations.
To take advantage of Azure compliance and health offerings: