BioIQ validates its commitment to meeting key healthcare regulations and protecting sensitive healthcare information.
BioIQ recently earned Certified status for information security by the Health Information Trust (HITRUST) Alliance, which was founded on the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. With the HITRUST CSF Certified Status, BioIQ meets key healthcare regulations and requirements for protecting and securing sensitive private healthcare information.
BioIQ Chief Compliance Officer and HIPAA Privacy and Security Officer, Wes Rhea, explains the importance of earning the HITRUST CSF Certified status.
Starting with the basics, what is the HITRUST CSF?
Wes: The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. In short, the CSF Certification is now the benchmark that organizations required to safeguard PHI are measured against with regard to information protection.
What does achieving CSF Certified status mean for BioIQ and its clients?
Wes: Earning this status means BioIQ has met industry-defined requirements and is appropriately managing risk. Healthcare providers are under great pressure to meet complex compliance requirements that include technical and process elements such as HIPAA, NIST, ISO and COBIT. The HITRUST CSF is the gold standard that needs to be met, and BioIQ is pleased to be able to offer our clients assistance to achieve this. It shows BioIQ’s level of commitment in protecting our clients’ data.
What was the process for achieving this certification? How long does it take?
Wes: Before starting the certification process, we followed HITRUST’s recommendation of completing a self-assessment or readiness assessment to help prepare BioIQ for the validated assessment. To begin the certification process, we selected a HITRUST Assessor. After that, BioIQ completed the validated assessment using the MyCSF tool and then the assessor performed the validation and audit work. Once the assessor’s work was complete, we submitted our assessment to HITRUST for review. The entire process from the self-assessment to receiving our HITRUST certification took about 15 months.
Does the CSF Certified status require renewal after a certain period of time?
Wes: HITRUST CSF reports with certification are valid for two years – given the successful completion of an interim review.
Who from BioIQ was involved with the process?
Wes: This project was a success thanks to the dedication of Ruth Mwangi, Aaron Campos, Kyle Campos and David Dover, our compliance consultant.
Wes Rhea provides executive leadership to help BioIQ meet growth challenges through centralization of all privacy and information security. His objective is to protect client data while enabling the business to succeed. He is responsible for developing, maintaining and reviewing the company’s privacy and information security policies and procedures.