It met standards in 19 domains.
(Press Release) CHARLOTTE, NC — Eye Care Leaders, which provides performance solutions to ophthalmology and optometry practices, announced that all of its software products, as well services such as revenue cycle management and hosting, have earned Certified status for information security by Hitrust.
Hitrust CSF (Common Security Framework) Certified status demonstrates that ECL has met key regulations and industry-defined requirements and is appropriately managing risk. By including federal and state regulations, standards and frameworks and incorporating a risk-based approach, the Hitrust CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
“Eye Care Leaders is the only ophthalmology-specific electronic health records (EHR) provider to have this certification,” said Martin Ignatovski, ECL’s chief information and compliance officer. “This is the highest recognition in security compliance that an organization can achieve in the healthcare market, which further demonstrates Eye Care Leader’s dedication to quality and patient security.”
Ignatovski noted that obtaining Hitrust CSF certification required months of preparation, reviews and audits. “Healthcare providers and their business associates have multiple compliance requirements and obligations, and they must guard their systems against ransomware and other cybersecurity threats that could compromise patient health information (PHI),” he said. “The advantage of the Hitrust certification is that it ensures that business associates and the providers they serve comply with multiple standards and controls within the broad, rigorous framework, including HIPAA, HITECH, ONC, MU, ISO27001/27002, NIST, COBIT, and others. Furthermore, a Hitrust certification can scale as the organization grows and develops.”
“Hitrust CSF includes controls across 19 various domains,” Ignatovski added. He said ECL met all of its obligations across all of the domains, which include:
- Data encryption, both at rest and in transit.
- Password management.
- Access controls.
- Various administrative controls, from employee background check to physical security.
- Server and workstation controls.
- Network protections.
- Incident responses and management.
- Properly handling data across the board.
“Hitrust demands expertise and dedication from health information technology providers,” added Arun Kapur, ECL’s president of software and technology. “Our clients can be confident that their software and services are fully prepared to meet continually changing government regulations and security measures.”
“Hitrust has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment. By taking the steps necessary to obtain Hitrust CSF Certified status, ECL is distinguished as an organization that people can count on to keep their information safe,” said Ken Vander Wal, chief compliance officer, Hitrust.