Rochester RHIO is proud to announce that it has achieved HITRUST Common Security Framework (CSF) Certification. The HITRUST certification is recognized as one of the most rigorous frameworks for compliance and cybersecurity in the country, and is considered a national industry benchmark.
The scope of the overall assessment is around the Rochester RHIO’s Health Information Exchange (HIE), and the associated Security and Privacy controls associated with securing the system. The scope consists of the Consent Management, Identity Management and Security, Patient Record Lookup, and Secure Messaging. The options and factors selected for the assessment were: CSF Comprehensive Security & Privacy Assessment (Validated) including Regulatory Risk Factor: EHNAC Accreditation.
This achievement means that Rochester RHIO is ensuring that security, legal, and privacy standards are being maintained to help safeguard our community's healthcare data flowing through our health information exchange. Version 9.1 of the HITRUST CSF certification measures compliance for HIPAA, ISO, NIST, PCI, state laws, and other regulations and business requirements that affect Rochester RHIO.