LuxSci Pursuing HITRUST Certification

January 30th, 2020

Update: As of June 7th, 2020, LuxSci’s services are HITRUST CSF certified for HIPAA, GDPR, and Massachusetts Privacy Law.  See: Announcement of HITRUST CSF Certification.

LuxSci is working toward its HITRUST certification as part of our constant efforts to meet the highest levels of security and compliance. The threat landscape and regulatory environment are ever-evolving, and LuxSci is on track to be HITRUST CSF Level 3 certified (for HIPAA and GDPR, among other things) by the third quarter of 2020.

While LuxSci already follows best practices in a variety of areas, the HITRUST certification is an industry-standard, ongoing, evolving, independent third-party review. It shows just how committed we are to providing secure and compliant solutions, and it enables anyone to trust that LuxSci is doing all the right things.

HITRUST is an association that was formerly known as the Health Information Trust Alliance. A group of organizations came together in 2007 to develop the HITRUST Common Security Framework (CSF). The HITRUST CSF includes elements of a variety of different standards such as:

  • HIPAA
  • ISO/IEC 27000-series
  • NIST 800-53
  • PCI-DSS

How Does the HITRUST Certification Help?

By establishing a framework that encompasses many other important sets of regulations, the HITRUST certification makes it easier to provably meet all of the different requirements in a streamlined manner.

The framework is especially critical for organizations in the healthcare field and those that process electronic protected health information (ePHI), but it is also useful for security and compliance in other situations, such as GDPR.

The HITRUST certification is beneficial for any organization that deals with sensitive, valuable or highly regulated data, whether it creates it, transfers it, or processes it in any other way.  This is because the HITRUST CSF certification not only makes it easier to manage risk and compliance, but it also demonstrates to other parties that these critical areas are being properly taken care of.

All of LuxSci’s central services fall within the HITRUST umbrella and will be HITRUST certified. These services include:

  • Secure email hosting
  • Secure email marketing
  • Secure high-volume email sending
  • Secure web site hosting
  • Secure form processing

Once LuxSci finishes the HITRUST certification process, its clients can be even more confident that they have chosen a provider that places security first and that LuxSci is committed to staying on top of all of the HIPAA security requirements.  

HITRUST is not a “one and done” process; it requires yearly refinements, yearly third-party reviews, and yearly recertification.

A HITRUST certification proves both that you have all of the needed policies and procedures for compliance (hundreds of them) and that you have properly implemented and are following these policies and procedures. HITRUST requires organizations to actively prove they are doing the right thing. It’s not simple. It takes a lot of work, attention, and buy-in from all levels of an organization. This is what makes HITRUST so valuable.

LuxSci’s Existing Certifications

LuxSci is 100 percent HIPAA-compliant and undergoes yearly internal and external HIPAA audits, penetration tests, and other internal and external reviews to ensure it continues to go above and beyond the regulations.

On top of this, LuxSci maintains a TRUSTe Privacy Certification. This is a yearly third-party review of LuxSci’s privacy policies and procedures (kind of like a mini-HITRUST for privacy) to ensure that our privacy policies meet industry best practices. This certification enables LuxSci to keep our US-EU Privacy Shield status.

These certifications ensure that your business can be confident in LuxSci’s services. They let you know that one of the most trusted service providers in the industry is guiding your organization through the security and compliance minefield.

The HITRUST certification is simply another step in our constant effort to ensure that we provide the highest degree of security and compliance in all of LuxSci’s services.