DMM Achieves HITRUST CSF Certification

Posted: Apr 19, 2024 in Company Updates

DMM Achieves HITRUST CSF Certification

DMM recently achieved its HITRUST certification, demonstrating the ability to meet the CSF requirements in both locations: Scarborough, ME and North Wales, PA facilities.  HITRUST determined that DMM met all the requirements for the HITRUST CSF Certification. Our audit included review of the following:

  • Robust protocols around physical access to the data.
  • Tracking systems that ensure integrity and accuracy of each piece of mail.
  • Advanced cybersecurity practices, including threat and vulnerability scanning and monitoring.
  • Business continuity, incident response, and redundancy policies.
  • Thorough training and awareness of security policies for employees.

This certification, in addition to our HIPAA compliance ensures that we double protect PHI.

What Is HITRUST Certification?

HITRUST is the acronym for Health Information Trust Alliance. This organization oversees certification, requiring that companies have technical controls in place to validate the security of their system. HITRUST certification actually verifies that you’re meeting the standards outlined in HIPAA regulations.

HITRUST uses a common security framework (CSF) that allows businesses to approach regulatory compliance and risk management holistically. Based on regulations, standards, and best practices, HITRUST delivers a centralized security and privacy framework.

The HITRUST CSF includes the NIST Cybersecurity Framework as its core while also integrating HIPAA, ISO, PCI, and COBIT. In one framework, HITRUST standardizes all the necessary security and privacy provisions into one. To achieve certification, a HITRUST CSF Assessor Organization performs a Validated Assessment. This exercise includes a review of servers, services, physical locations, and infrastructure. To earn certification, organizations must meet or exceed requirements on various controls relating to the NIST framework.