Azure expands certification scope of Health Information Trust Alliance Common Security Framework
I’m proud to announce that our Azure Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) Certification was not only renewed by HITRUST, but our certification scope has expanded from last year by more than 250 percent! The HITRUST CSF Certification is the most widely recognized security accreditation in the healthcare industry. The HITRUST CSF builds on Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, by providing a framework for complex compliance requirements that include technical and process elements such as HIPAA, National Institute of Standards and Technology (NIST), The Information Services Office (ISO) and Control Objectives for Information and Related Technologies (COBIT) to ensure controls are in place to safeguard Protected Health Information (PHI).
Health customers can further leverage our HITRUST CSF Certification as part of their own certification process when they build on Azure. To accelerate adoption and utilization for customers managing health data, we also recently released the Azure Security and Compliance Blueprint – HIPAA/HITRUST Health Data and AI, which provides tools and guidance for building HIPAA/HITRUST solutions.
Our greatly expanded HITRUST CSF assessment is another indication of our commitment to safeguarding information and maintaining the trust of our customers and the members they serve.
“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment. By taking the steps necessary to obtain HITRUST CSF Certified status, Microsoft Azure is distinguished as an organization that people can count on to keep their information safe,” said Ken Vander Wal, Chief Compliance Officer, HITRUST.
Learn more by taking a closer look at the Official Letter of Certification.
You can also learn more about the Trust Center and all Microsoft products that comply with HIPAA and HITRUST.
The following is a complete list of Azure services included in this HITRUST certification spanning Azure, Azure Government, and Azure Germany clouds:
- Compute: Batch, Cloud Services, Functions, Service Fabric, Virtual Machines, Virtual Machines Scale Sets
- Containers: Azure Container Service
- Networking: Application Gateway, Azure DNS, Azure Network Watcher, ExpressRoute, Load Balancer, Traffic Manager, Virtual Network, VPN Gateway
- Storage: Backup, Cool Storage, Data Lake Store, Import/Export, Premium Storage, Site Recovery, Storage (Blobs, Disks (including Managed Disks), Files, Queues, Tables), StorSimple
- Web + Mobile: App Service: API Apps, App Service: Mobile Apps, App Service: Web Apps, Azure Search, Media Services
- Databases: Azure Cosmos DB, Azure Database for MySQL, Azure Database for PostgreSQL, Redis Cache – including Premium, Azure SQL Database, SQL Data Warehouse, SQL Server Stretch DB, SQL Virtual Machines
- Data + Analytics: Azure Analysis Services, Azure Bot Service, Data Lake Analytics, HDInsight, Machine Learning, Stream Analytics
- Internet of Things: Event Hubs, Internet of Things (IoT) Hub, Notification Hubs, Time Series Insights
- Enterprise Integration: API Management, Data Catalog, Logic Apps, Service Bus
- Security + Identity: Azure Active Directory (Free, Basic, Premium), Azure Active Directory B2C, Azure Active Directory Domain Services, Azure Information Protection, Key Vault, Multi-Factor Authentication, Security Center
- Developer Tools: Application Insights, Azure DevTest Labs
- Monitoring + Management: Automation, Azure Advisor, Azure Monitor, Azure Resource Manager, Log Analytics, Microsoft Azure Portal, Scheduler
- Additional Microsoft Online Offerings: Microsoft Cloud App Security, Microsoft Flow, Microsoft Graph, Microsoft Intune, Microsoft Power BI (including Embedded), Microsoft PowerApps, Microsoft Stream
Source: Azure Blog Feed