Securing Member Data with HITRUST Certified Electronic Data Interchange Systems

Blues Perspectives

| 3 min read

In today's digitally driven world, safeguarding sensitive information is paramount. The Blue Cross Blue Shield of Michigan IT and Enterprise Information Security teams constantly work to ensure our data interchange systems provide the highest protection for members' data.
That work has resulted in the achievement of HITRUST Risk-Based, 2-year (r2) Certification for our Electronic Data Interchange (EDI) systems and infrastructure. These systems control the electronic exchange (computer to computer) of business information using a standardized format; a process which allows one entity to send information to another entity electronically rather than with paper.

Certifiably Secure

HITRUST Risk-based, 2-year (r2) Certification demonstrates the organization’s Electronic Data Interchange (EDI) system has met demanding regulatory compliance and industry-defined requirements and is appropriately managing risk. This achievement places Blue Cross Blue Shield of MI in an elite group of organizations worldwide that have earned this certification.
By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
In our current digital landscape healthcare organizations are tasked with handling vast amounts of sensitive data, including personal health information (PHI). Protecting this data is not only a legal requirement but also crucial for maintaining trust with members and providers. HITRUST Certification offers an industry-recognized standard for assessing and validating an organization's information security systems, providing assurance that appropriate safeguards are in place.

Putting in the Work

Achieving HITRUST Certification for BCBSM Electronic Data Interchange Systems is no small feat. It involves a thorough assessment of our security controls, policies, and procedures against the HITRUST Common Security Framework (CSF). This comprehensive framework encompasses a wide range of domains, including information protection, access control, risk management, regulatory compliance, and incident response. By successfully meeting the stringent requirements of the HITRUST CSF, we demonstrate our commitment to maintaining the highest standards of security and compliance.
For our members, HITRUST Certification provides peace of mind knowing that their personal and health information is handled with the utmost care and security. HITRUST Certification is considered the gold standard across industries for data security and is currently utilized by 75% of Fortune 20 companies and 80% of top cloud service providers.
By adhering to rigorous security standards, BCBSM minimizes the risk of data breaches and unauthorized access, ensuring the confidentiality, integrity, and availability of sensitive information to improve healthcare access and ultimately, health outcomes.

Looking Forward

While achieving HITRUST r2 Certification is a significant milestone, our work is far from over. We remain dedicated to continuously improving our data systems and adapting to evolving threats and regulatory requirements.
Through stringent security practices, investment in technology, and collaboration with industry partners, we will continue to safeguard the privacy and security of our members' data, which is what ultimately enables us to provide members with the resources, coverage, and access to care needed to help them live their healthiest lives.
Keep reading:
Photo credit: Getty Images
MI Blues Perspectives is sponsored by Blue Cross Blue Shield of Michigan, a nonprofit, independent licensee of the Blue Cross Blue Shield Association