Compliance

Hilltop is committed to maintaining the highest standard for security, privacy, and regulatory compliance in all aspects of its work. Our compliance framework integrates nationally recognized standards and institutional requirements to ensure the responsible handling of sensitive data and the integrity of our operations.

HITRUST

HITRUST is a certifiable security and privacy framework that harmonizes multiple standards and regulations – including HIPAA, NIST, ISO and GDPR – into a single Common Security Framework (CSF). It provides a structured, risk-based approach to managing information security, privacy, and compliance across organizations handling sensitive data.

HITRUST & Hilltop

Hilltop achieved HITRUST i1 Certification to strengthen its cybersecurity posture and demonstrate operational compliance. This certification reflects validated assessments and formal alignment with HIPAA security controls. Hilltop currently serves as a Trusted Data Partner for the Maryland Department of Health, and this certification further reinforces that role by demonstrating our commitment to securely managing state health data. We continue to work with state partners to clarify how HITRUST certification integrates with this designation.

What This Means For Clients

Clients can be confident that Hilltop meets rigorous, independently validated security and privacy standards for handling sensitive health information. This reduces risk, strengthens data protections, and supports compliance with federal and state requirements.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for protecting health information, including requirements under the Privacy Rule, Security Rule, and Breach Notification Rule.

HIPAA & Hilltop

As a business associate of the Maryland Department of Health, Hilltop manages Medicaid and related datasets under strict HIPAA compliance. All systems, processes, and workflows adhere to HIPAA-mandated security and privacy requirements to protect the confidentiality and integrity of protected health information (PHI).

What This Means For Clients

Clients benefit from assurance that their data are handled in accordance with federal privacy and security standards, ensuring responsible stewardship of health information throughout its lifecycle.

UMBC Compliance

UMBC’s compliance framework governs research integrity, data security, and adherence to federal and institutional regulations. This framework aligns with University System of Maryland IT standards and incorporates emerging federal requirements, including NSPM-33, which strengthens national standards for research security and disclosure.

UMBC Compliance & Hilltop

As a center within UMBC, Hilltop aligns with these institutional standards to uphold ethical research practices, strong data governance, and regulatory compliance across collaborative projects and initiatives.

What This Means For Clients

Clients gain confidence knowing that Hilltop operates within a university system committed to ethical research, strong governance, and comprehensive regulatory compliance.

CMS Compliance

Compliance with the Centers for Medicare & Medicaid Services (CMS) requirements involves implementing robust programs for fraud prevention, auditing, and adherence to federal regulations, including those outlined under 42 CFR.

How It Applies to Hilltop

Hilltop integrates CMS compliance requirements into its managed care analytics, monitoring, and reporting processes. This supports program integrity and regulatory adherence for Medicaid and CHIP services administered in partnership with the State of Maryland.

What This Means For Clients

Clients can rely on Hilltop’s adherence to CMS standards to ensure accurate, secure, and transparent program operations that align with federal expectations.

Our Commitment

Hilltop continuously evaluates and strengthens its compliance practices to ensure alignment with evolving regulatory requirements and best practices. Our integrated approach safeguards data, supports transparency, and affirms our role as a trusted analytical and research partner to state agencies and stakeholders.