How to take advantage of the HITRUST Shared Responsibility and Inheritance Program

Featured image

Share this article

How to Take Advantage of the HITRUST Shared Responsibility and Inheritance Program - Paubox

Because of the sensitive nature of medical care, the healthcare industry faces unique security challenges.  The Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, is U.S. legislation created to improve health coverage standards and combat fraud and abuse related to protected health information (PHI).

HITRUST® was created to help mitigate and manage risk for covered entities and their business associates. It establishes the HITRUST CSF® framework that allows for the consistent implementation of HIPAA requirements.

In 2019 Paubox achieved HITRUST CSF Certification to manage risk and improve its security posture.  This certification applies to Paubox Email Suite Standard, Plus, and Premium, Paubox Email API, and Paubox Marketing.

SEE ALSO: HIPAA Compliant Email: the Definitive Guide

What is the HITRUST Shared Responsibility and Inheritance Program?

The HITRUST Shared Responsibility and Inheritance Program is intended to simplify leveraging service provider security controls for a HITRUST CSF Assessment.

Assessment scores of any cloud hosting or service provider participating in the HITRUST Shared Responsibility and Inheritance Program can be applied to any other organization’s assessment. 

In other words, a company can leverage a vendor’s assessment scores when conducting its own HITRUST CSF Assessment, thereby inheriting a vendor’s controls and applying them to its own assessments easily, saving time and resources.  

This simplifies and streamlines the assessment process.

Benefits of the program

Key benefits of the HITRUST Shared Responsibility and Inheritance Program include:

  • An indication that a vendor has a strong focus on security
  • Less required testing
  • Inheriting control requirement scores
  • Less data entry for applications already hosted on a HITRUST CSF certified environment

By seamlessly lifting and applying assessment scores to other assessments across the board, organizations can reduce the time, effort and associated costs required for testing inherited controls.

How the program works

Participating service providers appear in the official list of organizations that have a HITRUST CSF Validated Assessment.  A client indicates which specific control requirement it will inherit and chooses its hosting or service provider from the list. 

The system validates the relationship by requesting verification from the vendor to confirm the services provided. 

In order to participate in the program, a vendor must have:

  • MyCSF Subscription
  • Inheritance Module Subscription
  • Current HITRUST CSF Validated Assessment in good standing

For more information about the HITRUST Shared Responsibility and Inheritance Program, contact HITRUST at 855.HITRUST or email [email protected]

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Chloe Bowen

Read more by Chloe Bowen

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022