The HITRUST RightStart Program: An Accelerated Path to Compliance for Startups

Any business that handles protected health information (PHI) and other sensitive data is required to comply with all data protection regulations in vigor. But what happens when a business is in the startup phase with no track record of success? The HITRUST RightStart Program™ is designed to help startups achieve the certification they need, even if they are not yet operational or do not have a current history of compliance.

The HITRUST RightStart Program ensures that a developing company that has a responsibility to safeguard sensitive information is truly ready to launch. It also gives prospective customers and clients peace of mind about the emerging company and its products and services.

What is HITRUST CSF® Certification?

The HITRUST CSF® Certification program is designed to offer a standardized and objective risk-based compliance assessment and framework for virtually any industry. A business that achieves HITRUST CSF Certification has proven itself to be compliant with relevant regulations and has high-level and enduring commitment to ongoing compliance.

Who is the HITRUST RightStart Program Designed For?

The full HITRUST CSF Certification was designed to be a benchmark standard and can be used by any organization—in the medical industry or which handles healthcare data—or not. On the other hand, the HITRUST RightStart Program was specifically designed for new businesses and startups that need assistance getting certification.

Organizations in the Healthcare Industry

For companies operating in the healthcare industry, assessment of HIPAA compliance can be added as a regulatory factor included in the assessment’s scope. Certification is recognized across the industry as a benchmark standard and one that proves the organization has met stringent standards of excellence when it comes to HIPAA compliance.

Related article: How the HITRUST CSF is Expanding Beyond the Healthcare Industry.

New Organizations in Any Industry

A new digital product or service must be able to prove that it is reliable, useful, and above all, compliant with all industry standards and regulations. This can be a confusing and challenging process, so the HITRUST RightStart Program was created to guide new businesses and divisions through the rigorous process. By using the HITRUST RightStart Program a new business can manage risk and give prospective clients the confidence they need to move forward with a trial or with a purchase.

Any company participating in the HITRUST RightStart Program must:

1. Have been launched or founded within the last three calendar years,
2. Have less than $10 million in revenue, and
3. Have fewer than 50 full-time employees.

Startups that meet these guidelines and that either have a productive service line, or are close to having a productive service line, can benefit from the HITRUST RightStart Program.

How Is the HITRUST RightStart Program Different?

While existing businesses can prove their compliance and readiness by showcasing past performance and records and already have data to draw on, a new business does not. The creation of the HITRUST RightStart program is designed to address the specific needs of a new business and ensure that they can prove compliance, despite not having a recent history of success.

Benefits of the HITRUST Program for New Businesses and Startups

The HITRUST® program grew from an industry-wide effort to solve some compliance issues created by HIPAA. In 2007, HITRUST launched with the goal of creating a standardized, industry-wide framework with specific baselines that enable existing businesses to ensure compliance in their own organizations. The HITRUST CSF was created specifically for health care and to address the common challenges businesses face when handling PHI. Since that time, the HITRUST CSF has expanded outside of healthcare to become industry-agnostic, in addition to being scalable and easy to customize based on a company’s individual needs.

The HITRUST RightStart Program extends many benefits to new businesses, including:

• A clear path to HITRUST CSF Certification for new businesses, streamlining the process and clearly detailing what is needed.
• Information about risk management, creating effective security measures, and information privacy policies.
• A single, standardized comprehensive assessment that may be scoped to include over 40 different authoritative sources in one package, making the compliance process far more efficient.
• An easy-to-use and understand process for startups, particularly those entering the industry for the first time.
• Trusted, industry-wide acceptance of results and certification, providing new businesses the ability to gain trust and prove compliance in a competitive marketplace.

What is Included in the HITRUST RightStart Program?

According to HITRUST, the following components are included in the tailored and targeted RightStart Program for new business and healthcare initiatives:

• The HITRUST CSF: An inclusive, comprehensive risk- and compliance-based security and privacy controls framework.
• HITRUST CSF Assurance Methodology: A clear and streamlined approach to assessing and reporting against the HITRUST CSF preparing a new business for the security challenges and threats that today’s organizations face.
• Education: Targeted training and programs designed to guide an organization towards success and compliance, with support and comprehensive resources.
• Access to the HITRUST MyCSF Assessment Platform: An intuitive and easy to use SaaS solution designed to perform assessments, plan corrective actions, and integrate with major platforms and the HITRUST Assessment XChange™.
• HITRUST Annual Conference, HITRUST Collaborate: The most comprehensive and definitive information risk management conference for privacy, security, and compliance professionals.

Find out more about the HITRUST RightStart Program here.

Get Help with the HITRUST RightStart Program

The HITRUST RightStart Program can help simplify the compliance process for a new company and provide much-needed proof of compliance that allows for more successful marketing and operations, right from the start. Organizations completing this process can proceed with confidence, knowing they are truly ready for the challenges of handling and securing sensitive information and data in today’s increasingly complex environment.

Discover what this process and certification can do for you and get the help you need to complete the process quickly; contact our team today at 215-675-1400 or request a free quote.

About The Author

Robert Godard

Robert is a Principal with I.S. Partners, LLC’s Business Process/Advisory Services practice in Horsham, PA. Robert has conducted a variety of Financial Statement Audits for a range of industries such as banking, healthcare, payroll, employee benefit plans (Pension, Health and Welfare), Unions and Construction.

Robert’s specialty is in audits of IT Controls and Infrastructure, Financial Statements, SOC 1 and SOC 2 audits, HITRUST CSF Assessments, Model Audit Rule (MAR), including evaluating business process as well as IT General Controls surrounding the reporting of financial information. He also has experience with analyzing Health Insurance information from AmeriHealth, Blue Cross Blue Shield, Express Scripts and Delta Dental. Additionally, Robert has performed audits for Construction and Special Tax related credits (Historical Tax Credits). He has prior work experience using ISSI, Great Plains and Peach Tree.

Prior to joining I.S. Partners, LLC, Robert was employed with Novak Francella in the Financial Statement Audit division, where he worked as an associate on external audit engagements in accordance with GAAP and DOL requirements.

Robert has a Bachelor of Science degree in Finance and Accounting from LaSalle University, Philadelphia, PA.