To conform with the highest security standards, Hixny complies with HITRUST’s Common Security Framework (CSF) and its Comprehensive Security Assessment. HITRUST certification is a robust, two-year certification that requires an interim-year assessment. As such, we are obligated to continuously maintain all of the controls mandated by the CSF.
2018: Hixny’s system successfully meets the requirements of HITRUST CSF® certification on Version 9.1 for patient information security.
2019: Hixny successfully completes its interim-year certification.
2020: Hixny’s system achieves HITRUST CSF recertification.
Significance of HITRUST CSF Certification
Achieving HITRUST CSF certification indicates that Hixny meets the highest established security standards—including those set by HIPAA and the Centers for Medicare and Medicaid Services (CMS)—and makes the protection of private data a top priority. It helps demonstrate why patients and providers alike can trust us to protect privacy and keep records secure.
The baseline requirements for achieving HITRUST CSF certification are robust, yet Hixny chose to pursue—and achieved—the more rigorous goal of meeting all applicable CSF controls. By implementing these controls comprehensively, we demonstrate a commitment to mitigating those threats and exposures that are most likely to result in a breach.
Through HITRUST, organizations may also choose to include additional controls in their certification process, and we have chosen the following:
Minimum Acceptable Risk Standards for Exchanges (MARS-E)
Established by CMS as part of the Affordable Care Act to set stringent security criteria for health insurance exchanges—like the New York State of Health—to protect personal identifying information (PII), personal health information (PHI) and federal tax information. Meeting these higher standards established Hixny among the most secure HIEs in the nation.
NYS Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500)
Ultimately, the certification of Hixny’s system requires demonstrating proper policy and procedure documentation for, and adequate implementation of, well over 850 controls across the following 19 security domains:
- Information Protection
- Endpoint Protection
- Portable Media Security
- Mobile Device Security
- Wireless Security
- Configuration Management
- Vulnerability Management
- Network Protection
- Transmission Protection
- Password Management
- Access Control
- Audit Logging and Monitoring
- Education, Awareness, and Training
- Third Party Assurance
- Incident Management
- Business Continuity and Disaster Recovery
- Risk Management
- Physical and Environmental Security
- Data Protection and Privacy
Additional Security Measures
In addition to HITRUST CSF certification, Hixny monitors, audits and assesses our own network, processes and employees—both internally and through third-party security experts with whom we partner. These additional measures are taken to ensure continued awareness at all levels of the organization and secure Hixny from outside threats.
Security Assessment Requests
Our HITRUST certification is robust and covers or exceeds what is required by third-party security assessments. However, if your organization would like Hixny to complete a security assessment for you or your third-party vendor, you may contact us. These assessments are subject to a per-hour fee, which we will discuss directly with you or your vendor.
Questions and Concerns