What TigerText’s HITRUST Certification Means for You


Jul 27, 2016 Christopher Lumby, Senior Director of Product Marketing

Vetting the claims of secure messaging vendors can be tricky. Ask any hospital that has gone through an RFP process recently and they’ll likely describe a confounding experience of attempting to standardize vendors’ security models in a way that will allow them to be evenly compared.

Today, most secure messaging vendors list HIPAA-compliance in their marketing materials, but barring an independent review, this self-anointed claim generally goes unchecked. No doubt the Joint Commission’s guidelines on protecting patient information have been critically important to setting privacy standards, but actual verification remains elusive since the Joint Commission doesn’t vet claims or police vendors. Instead, they rely on the vendors themselves to self-adhere to the guidelines. This is where HITRUST steps in.

What is HITRUST Certification?

HITRUST logo
HITRUST is an acronym for the Health Information Trust (HITRUST) Alliance, an independent testing organization that issues the Certified Security Framework (CSF) certification to vendors who successfully pass their rigorous security evaluation. HITRUST CSF certification indicates that an organization has met industry-defined requirements and is appropriately managing risk when protecting patient data. It’s similar to having TSA pre-boarding clearance at the airport – you breeze through security because you’re a known quantity that’s been pre-verified.

Here’s how the process works. Over the course of many months, HITRUST conducts multiple rounds of security audits that highlight potential vulnerabilities, by which the vendor then makes corrections and resubmits its solution for further testing until the solution receives a passing grade across all categories. For TigerText, this process took seven months and numerous rounds of updates to meet HITRUST’s stringent guidelines. The testing criteria included 172 baseline controls across 19 domains, and generated more than 500 written ratings and responses. Needless to say, no stone was left unturned and we are extremely pleased to be the first vendor of our kind to achieve the HITRUST CSF certification.

What This Means for Our Customers?

Now, for the important part: What does this mean for you? For TigerText customers, it means added security and peace of mind that TigerText will keep your data safe where others may not. For those still looking to buy a secure communications solution, it means a faster, easier selection process and reassurance that you choose the healthcare industry’s most vetted secure product. More benefits you can expect include:

  • $300,000 in cost savings per audit in audit requests and internal assessment time
  • Faster RFP evaluation cycles (most hospitals waive the lengthy security review for HITRUST certified vendors.)
  • Confidence knowing your solution has been independently verified by the gold standard in security review programs and will continue to be reviewed every two years

Furthermore, 19% of healthcare practices reported a security breach within the last year and 74% of healthcare practices are not encrypting data on their mobile devices, according to Netiq’s 2015 Cyberthreat Defense Report. If security and protecting patient data is truly a priority for your organization, going with a HITRUST CSF certified vendor like TigerText will give you one less thing to worry about.

Want to see what a HITRUST certified secure messaging platform looks like?

Request a Demo