We recently announced that that the Talix Coding InSight platform has again earned the HITRUST Certified status for information security. (That’s right—for the second year in a row.)
At face value, HITRUST CSF Certified status indicates that our platform meets key industry regulations and requirements for protecting sensitive, private healthcare data. That’s a pretty big deal in and of itself, as anyone familiar with the numerous standards at play in the healthcare world—such as HIPAA, ISO, NIST and COBIT, to name a few—can attest.
But here at Talix, we believe earning a HITRUST certification indicates a deeper level of commitment to security than many companies realize. And Talix was the first NLP-enabled risk adjustment company to achieve this coveted security certification for the second year in a row.
What is the HITRUST certification anyway, and why did Talix pursue it?
I won’t go into the nitty-gritty details of how HITRUST started and what exactly the framework encompasses. You can read much of that on the organization’s own website, including this synopsis:
“Developed in collaboration with information security professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements. By continuing to improve and update the framework, the HITRUST CSF has become the most widely-adopted security framework in the U.S. healthcare industry. This commitment and expertise demonstrated by HITRUST ensures that organizations leveraging the framework are prepared when new regulations and security risks are introduced.”
Boiled down, this means that the HITRUST CSF neatly packages the healthcare industry’s copious and complex compliance standards into a single framework. This is a win-win scenario for solution providers and healthcare companies alike.
How exactly did Talix earn this certification?
First of all, it’s important to note that there are actually two levels of HITRUST CSF assurance: self-assessment and validation.
Naturally, Talix has opted for the more difficult certification path for the past two years. And I’m going to be honest—it’s an arduous six-month testing process that many companies struggle to pass. That’s because, over this period of time, the assessor scrutinizes your technology inch by inch to determine maturity across five different question areas:
Ultimately, HITRUST Certification requires a minimum score of 3 in each of these five areas, and I’m pleased to report that Talix scored the maximum 5 in almost every case. The maturity of our application security isclearly baked in at the deepest level.
But here’s why earning the HITRUST certification is a really big deal that sets Talix apart
First, as mentioned previously, becoming HITRUST Certified is a rigorous and comprehensive process that not every company or application can manage. That’s why displaying this designation does more than show that we“meet standards.” Rather, it demonstrates our company’s unwavering commitment to delivering a secure product and protecting our customers. You can tell that Talix places a huge priority on security by the time and effort we expend in succeeding at this task.
Secondly, this certification is a big deal because it’s not just about technology. When we undertake a full validation assessment, it’s avast, multi-department effort. Over the course of the testing process, we must provide input not only from Engineering, but also from IT (with respect to the security of our own internal office equipment across all locations); Sales(with respect to meeting customer needs); HR (with respect to ensuring background checks on all our employees). It’s truly all-encompassing, covering every single policy, procedure, and element of our physical and operational efficiency and security.
Finally—and here’s where I’m really going to brag for a moment—Talix stands apart from many tech vendors in this space because we’ve done this certification process twice now. Earning the certification in back-to-back years is tougher than you might imagine, too, because we not only had to ensure that what we did the first time around is still functional and in place, but we also had to show how we’ve improved on our initial work. Why? Because security and compliance requirements are constantly shifting, so technology like ours cannot remain stagnant. We must continue to adapt and get better, year after year, to keep up with our customers’ changing needs.
In summary, we hope our customers—and indeed every company in the healthcare space—take the HITRUST Certification status seriously. We certainly do. Make no mistake: Talix has placed the utmost importance on security from day one. We incorporate a multi-pronged approach across the board, from monitoring and dataloss protection to logging and regular auditing. It’s truly part of our DNA asa company. We encourage you to learn more about HITRUST CSF, and connect with us if you have questions regarding your data protection. We’re here to help.