FSOFT enters final stage of HITRUST certificate audit
After more than 1 year, the project team including more than 10 internal departments at FSOFT, in collaboration with sales units, have undergone many rounds of review assessment and have now successfully reached the final audit stage.
The project is directed by 2 C-levels Mr. Dao Duy Cuong and Mr. Do Van Khac, with FAM as the main sponsor by Mr. Martin Geiger – COO of FAM. Like other certifications at the company level, the HITRUST project mobilizes the participation of many departments including IT, ISM, CTC, SSC, LRC, SEPG, HRPR, etc. with the PM ChieuCC. Mr. Chieu is also a representative of FHN.FHS and FHN.BU9 – two units specializing in Healthcare. FSOFT has gone through the entire evaluation process including Gap analysis, Updating process document to fix gap, Receiving Phase 1 assessment and is in the rush to complete phase 2 assessment (Final Audit) to obtain the HITRUST certificate.
Currently, the project is in the final stage – Final Audit which is also the most stressful phase when it has to meet more than 400 requirements for proof of Fsoft’s compliance with 210 requirements under 19 Domains of the HITRUST standard. This includes large-scale requirements such as collecting information about all servers, wifi modems related to the work area of healthcare projects, requests for access rights, proof of management. During the last 3 weeks of the “sprint”, the project team always had to be ready to handle promptly when there was feedback or request for additional evidence from the A-Lign appraisal evaluator.
Having this certificate is like a “priority ticket” that helps FSOFT reach any customer in the Healthcare field faster. Many large companies require their vendors to have HITRUST and many of FSOFT’s customers are also struggling to get this certification. Possessing the hardest and most secure certification in the Healthcare industry also helps FSOFT build trust with customers in other areas because the healthcare industries always have requirements for information security and data privacy in the healthcare industry.
HITRUST is the most famous certification in the USA for information security in the Healthcare industry. The certificate is built on the synthesis and balance of many other certifications in information security such as ISO, NIST, PCI, FTC, COBIT and a number of HIPAA and HITECH codes. As the name suggests, HITRUST (Health Information Trust Alliance) is a certification framework dedicated to providing organizations with a comprehensive, flexible, and effective approach to regulatory compliance and risk management.
Developed in collaboration with healthcare and information security professionals, HITRUST streamlines healthcare-related regulations and standards into a single overarching privacy framework. HITRUST is certified by A-Lign, which serves to unify privacy controls from federal law (such as HIPAA and HITECH), state law, and non-governmental frameworks into a single framework designed for health care needs.
