HITRUST® Submits Application to be an Accountability Agent for APEC Certification

August 14, 2019
389 Views

By Anne Kimbol, Chief Privacy Officer, HITRUST

HITRUST has submitted its application to be recognized as an Accountability Agent under the Asia-Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules System (CBPRS) and Privacy Recognition for Processors System (PRPS). We undertook this effort as organizations doing business in and among participating countries wanted to achieve cross-border certification while leveraging the HITRUST CSF and CSF Assurance programs. Once approved, this will further the value of the HITRUST CSF Assurance Program by allowing organizations to obtain an APEC Certification as part of their HITRUST CSF Assessment, expanding the value of “Assess Once, Report Many” and our commitment to One Framework, One Assessment Globally.

As many might not be familiar, the APEC Privacy Framework has long served as an important benchmark for privacy, not just in Asia Pacific region but worldwide.  Currently, the United States, Japan, Canada, Singapore, South Korea, Australia, and Chinese Taipei are participating in the CBPRS and therefore are the APEC economies.

APEC developed, with collaboration from key stakeholders, the CBPRS to allow more free sharing of data between APEC economies. Under the CBPRS, organizations serving as data controllers, or the decision-maker about how the data is collected and processed, can achieve certification of their compliance with the APEC Privacy Framework to allow for cross-border data transfers, reducing liabilities and audits. The PRPS system allows organizations acting as data processors, or organizations using data under the direction of a data controller (similar to a business associate under HIPAA), to achieve certification of their compliance to the extent necessary to fulfill the role of a data processor. APEC has recognized that a controller seeking certification under the CBPRS has a different role as data guardian compared to that of a processor.

If approved as an Accountability Agent, HITRUST will be able to add the APEC CBPRS and PRPS to the standards against which an organization can report compliance and achieve certification using the HITRUST CSF and CSF Assurance programs while simultaneously obtaining APEC Certification.

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

“Using Work of Others” Initiative from HITRUST Streamlines IT Security Control Assessments to Promote a Culture of Risk Management Collaboration
Compliance & Risk Management
shares423 views
Compliance & Risk Management
shares423 views

“Using Work of Others” Initiative from HITRUST Streamlines IT Security Control Assessments to Promote a Culture of Risk Management Collaboration

Lacy Deatrich - Sep 11, 2019

By Jeremy Huval, Vice President, Compliance & Internal Audit Completing HITRUST CSF Assessments will now require less time and fewer…

HITRUST Shared Responsibility Program Helps Organizations and Cloud Service Providers Collaborate to Protect Data in the Cloud
Compliance & Risk Management
shares209 views
Compliance & Risk Management
shares209 views

HITRUST Shared Responsibility Program Helps Organizations and Cloud Service Providers Collaborate to Protect Data in the Cloud

Lacy Deatrich - Jul 08, 2019

By Becky Swain, Director, Standards Development Your cloud provider is certified to comply with all the major regulations for protecting…

HITRUST® Grows Its Privacy Controls and Activities
Privacy
shares1217 views
Privacy
shares1217 views

HITRUST® Grows Its Privacy Controls and Activities

Lacy Deatrich - Jun 05, 2019

By Natalie Leutwyler, Lead Privacy Analyst, and Anne Kimbol, Chief Privacy Officer Recently a number of important privacy initiatives and…