Over the past decade, HITRUST CSF certification has become the gold standard in healthcare compliance. But achieving this standard on the public cloud is a significant challenge for many organizations — especially since responsibility is shared across several parties.
That’s why we’re pleased to see that HITRUST has released a Shared Responsibility Matrix for Amazon Web Services and Microsoft Azure. The matrices were jointly developed with those cloud platforms and are available for public download.
The matrices provide baseline requirements and shared controls for more than 500 (!) assessment domains. They’re a great starting place for any organization trying to build AWS or Azure environments to HITRUST standards.
Sample of Azure HITRUST RACI. Source: HITRUST.
Logicworks helps dozens of healthcare organizations maintain HITRUST compliance, and maintains its own HITRUST Responsibility Matrices that further differentiate responsibilities of the cloud provider vs. Logicworks (as Managed Services Provider) vs. the customer. (To see our HITRUST Responsibility Matrices, contact us.) We expect to leverage the new responsibility matrices released by HITRUST to provide more detail to customers on application-level controls.