1 min read

HITRUST CSF gap analysis (day 3) for a Silicon Valley startup

Picture of Hoala Greevy Hoala Greevy December 6, 2018

HIPAA compliance
Team meeting in an office conference room with laptops and notebooks
Team meeting with HITRUST CSF consultant in conference room As part of our HITRUST CSF Gap Analysis, Jeff Pochily from Kirkpatrick Price visited our office for a third day. The Gap Analysis is part of our journey for the HITRUST RightStart program. Here's what we covered for Day 3:
  • Covered about HITRUST ‘gotchas’ and hidden requirements
  • Discussed additional requirement statements and do practice scoring
  • Close out with marks of success and the very basics of a long-term plan for HITRUST compliance

 

SEE ALSO: HITRUST CSF Gap Analysis for a Silicon Valley Startup

 

HITRUST CSF Gap Analysis Takeaways (Day 3)

Office tour during HITRUST CSF gap analysis discussion Jonathan "BBQ" Greeley giving Jeff Pochily the Paubox office tour

 

Here are some of my takeaways from today:

  • HITRUST has a unique definition of the term contractor. It's important to know the distinction.
  • Two-factor authentication (2FA) for all important services is vitally important
  • Formally document a customer identification process for incoming phone calls and emails
  • User access controls must be well defined
  • Establish a documented hierarchy of PHI access levels
  • Established call schedules twice a week with Jeff going forward until submission

 

HITRUST Alliance

Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.

 

HITRUST RightStart Program

 

Jeff Pochily and Chris Pearson discussing HITRUST CSF compliance Jeff Pochily with Chris "Linux" Pearson

 

The RightStart program is aimed at giving startups the tools needed to make information security and compliance easier to establish and manage. The newly introduced program helps startups like us accelerate adoption of the most comprehensive risk management, compliance, privacy and security suite of services in the marketplace.

 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Two professionals reviewing code on laptops at a desk

HITRUST CSF gap analysis (day 2) for a Silicon Valley startup

Picture of Hoala Greevy Hoala Greevy : December 5, 2018

Tyler Dornenburg and Jeff Pochily covering Anti-Virus policies Jeff Pochily from Kirkpatrick Price was back in our office this morning as day two of...

From the founder
Read More
Man presenting at a conference room with a control framework diagram displayed on screen

A solution for HITRUST transmission protection - Control 9.11

Picture of Hoala Greevy Hoala Greevy : July 16, 2019

HIPAA compliance
Read More
Paubox employees at a casual office gathering with coffee and drinks

HITRUST RightStart: Configuration management

Picture of Hoala Greevy Hoala Greevy : January 17, 2019

HITRUST Fatigue set in last night at the office as we worked on punching out our HITRUST assessment. Tyler "Commish" Dornenburg and I put in a robust...

From the founder HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.