Freedom to Adopt HITRUST CSF Compliance

March 13, 2017

Freedom to Adopt HITRUST CSF Compliance and Certification Practices

MILTON, WI – Freedom has continued to focus its attention on the growing concern and demand of information security as it relates to protected health information (PHI). Many healthcare organizations are increasingly dependent on business associates to create, receive, transmit, or process PHI and patient data. Elevated regulatory requirements over the past decade require stricter controls for healthcare organizations, as well as their related business associates. As a business associate, Freedom agrees that this sensitive information should be protected with the highest regard.

“Increasing regulatory and contractual requirements for covered entities and business associates demand implementation and maintenance of stronger controls over the use and disclosure of PHI. These organizations are required to demonstrate their ability to secure and safeguard PHI through an effective risk management program” states Marty Liebert, President and CEO of Freedom. “We have been focusing on data security for over a decade working with external independent auditors to validate the effectiveness of our information security and risk management programs. Security from desktop to dock door has been part of Freedom’s culture and DNA since the inception of the company. As the regulatory compliance requirements increase, so does our direction for the protection of PHI.”

Most healthcare organizations are now leveraging the Health Information Trust (HITRUST) Alliance Common Security Framework (CSF) as a standard to design and implement data security systems. The HITRUST Alliance has collaborated with leaders from the healthcare and information security realms to develop this framework, and the CSF provides a clear and concise structure for securing and safeguarding this PHI. Liebert adds: “This framework aligns with the initiatives Freedom implemented years ago, and adds to the integrity of our systems. Choosing the adoption of this framework and becoming HITRUST CSF Certified was a decision Freedom felt was a match for continued work with healthcare entities. With this certification, we can now provide the assurance that we are fully committed to protect the sensitive data of our healthcare entities. We anticipate receiving our official HITRUST CSF Certification by the end of October, 2017.”

Liebert also adds: “Freedom has worked for years at adapting our comprehensive Security Management System to mitigate ever-changing risks and meet requirements. Data security has many ancillary benefits including improved product quality. As a part of this continuous process, our systems are assessed and accredited by external independent audit firms. Our compliance road map included the SAS 70 audit process. We realized that this ‘one-size fits-all’ approach was outdated and did not fit the requirements for truly safeguarding the security and confidentiality of our customers’ data. We have since achieved the SOC2 Type2 Compliance and continue to work with recognized audit CPA firms to maintain that compliance annually. In addition, the Qualified Security Assessors that we work with attest to our PCI compliance. Freedom has maintained annual compliance with the Payment Card Industry Data Security Standard (PCI-DSS Level 1 Certified) since 2012.”

Freedom is one of the largest privately held direct mail companies in the United States with five manufacturing facilities strategically located throughout North America. Specializing in the production of loyalty & acquisition direct mail programs, Freedom offers “inline” &“offline” traditional and 4-color fully-variable digital printing, in-house lettershop, extensive laser & inkjet personalization capabilities, mailing services, in-house commingling, logistics, and multi-channel marketing solutions supported by a proprietary client interface & campaign management technology platform.