HITRUST

HITRUST

The Health Information Trust Alliance, known as HITRUST, was founded in 2007. HITRUST aims to help organizations manage risk and compliance with the HITRUST Common Security Framework or HITRUST CSF. Jump to resource links -->

What is the HITRUST CSF?

The HITRUST CSF brings HIPAA compliance together with other security and privacy frameworks, such as NIST and ISO, to ensure organizations are properly conforming to HIPAA and other regulations. The certifiable framework is designed to provide a comprehensive yet flexible approach to regulatory compliance and risk management. It enables organizations with different risk profiles to customize security and privacy baselines based on organization type and size, as well as systems and regulatory requirements. Due to its flexibility and alignment with a variety of national and international regulations and standards, the HITRUST CSF has become a widely used privacy and security framework across all industries. It’s the most widely adopted security control framework in the U.S. healthcare industry, with more than 80 percent of hospitals and health plans having implemented it.

What is HITRUST Certification?

Because there is no true HIPAA certification, many organizations required to comply with HIPAA opt to pursue HITRUST CSF Certification. There are three stages in the HITRUST certification process:

  1. Self-assessment – In the first phase in the HITRUST certification process, organizations conduct an initial self-assessment to identify the applicable categories of control requirements that impact their organization among the 19 total categories. Organizations then identify gaps, or areas in which they’re currently falling short of meeting requirements, rank them according to risk level, and implement changes to address them. Organizations can also conduct a self-audit using the HITRUST Alliance’s MyCSF tool or opt for a facilitated self-assessment with the help of an assessor.
  2. Validated assessment – The validated assessment is conducted by a certified CSF assessor or an independent third-party who evaluates each control requirement and rates the organization’s compliance with each control.
  3. HITRUST certification – After the validated assessment is complete, the assessor submits the validated assessment to HITRUST for review and validation. If the review determines that the organization adequately meets the relevant control requirements, HITRUST issues a certification specific to the factors outlined in the scope. HITRUST certification is valid for two years given a successful interim review, which takes place 12 months from the date of the original assessment.

Why is HITRUST Compliance Important?

Given that the HITRUST CSF is the most widely used security framework in the healthcare industry, several industry leaders now require HITRUST compliance of their Business Associates. As a result, HITRUST compliance is essential for businesses that partner with or provide services to many of the major companies in the healthcare sector.

Even for those that don’t require HITRUST compliance, having a HITRUST certification is a major selling point for companies seeking to do business in the healthcare industry, as it provides added reassurance that your company is compliant with not just HIPAA but also other relevant regulatory requirements and frameworks. No healthcare organization wants to put its patients’ sensitive data at risk, so partnering with and utilizing the services of companies that have proven HITRUST compliance is a smart and strategic business decision.

What Are HITRUST Requirements? image
BLOG

What Are HITRUST Requirements?

The HITRUST CSF is a framework designed and created to streamline regulatory compliance. Companies that implement HITRUST CSF controls and strive to meet HITRUST requirements are better equipped for audits and lower their regulatory risk, but what are those requirements?

Grant Barrick

Grant Barrick

5 Steps to HITRUST CSF Certification image
BLOG

5 Steps to HITRUST CSF Certification

Complying with HIPAA and proving it are two very different things. Let us show you the 5 Steps to HITRUST CSF Certification.

Laleh Hassibi

Laleh Hassibi

What is the Cost of HITRUST CSF Certification in 2020? image
BLOG

What is the Cost of HITRUST CSF Certification in 2020?

The costs for a HITRUST Certification in 2020 have gone up as the HITRUST CSF has evolved and become more complex.

Grant Barrick

Grant Barrick

Who is HITRUST CSF Certified? image
BLOG

Who is HITRUST CSF Certified?

The HITRUST certification is the highest Degree of Assurance a company can obtain. The HITRUST certification is increasingly required of business associates by some entities, such as health insurance providers, in order to ensure that business associates have the adequate security controls and protections in place to protect sensitive personal data.

Grant Barrick

Grant Barrick

What is a HITRUST CSF Self-Assessment? image
BLOG

What is a HITRUST CSF Self-Assessment?

Here’s what you need to know about the HITRUST CSF Self-Assessment, how it works, and how to determine if the self-assessment option is sufficient for your organization.

Grant Barrick

Grant Barrick

What is HITRUST? image
ACADEMY

What is HITRUST?

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

Travis Good, MD

Travis Good, MD

What is the HITRUST Framework? image
BLOG

What is the HITRUST Framework?

Most don't realize HITRUST is not a framework at all, but an organization comprised of healthcare industry leaders. Let's dive into the HITRUST CSF Framework, developed by the HITRUST organization, in partner with other technology and information security leaders.

Grant Barrick

Grant Barrick

Azure Cosmos DB Guide - How to configure Cosmos DB to comply with HIPAA and HITRUST image
ACADEMY

Azure Cosmos DB Guide - How to configure Cosmos DB to comply with HIPAA and HITRUST

This guide is intended to give developers a simple way to configure their Cosmos DB service to be HITRUST CSF ready. In this guide we’ll walk through the requirements, controls, and configurations for Azure Cosmos DB.

Ryan Rich

Ryan Rich

AWS RDS Guide - How to configure RDS to comply with HIPAA and HITRUST image
ACADEMY

AWS RDS Guide - How to configure RDS to comply with HIPAA and HITRUST

This guide is intended to give developers an easy to understand, step by step runbook for configuring their AWS RDS instance to be HITRUST CSF ready. In the following sections we’ll walk through the requirements, controls, and configurations for RDS.

Ryan Rich

Ryan Rich

HIPAA vs HITRUST image
BLOG

HIPAA vs HITRUST

HITRUST and HIPAA are two critical topics in healthcare, but do you know how they differ? Let's break it down and explore additional resources to learn more.

Grant Barrick

Grant Barrick

How to Optimize your Compliance Posture with a Maturity Model image
ACADEMY

How to Optimize your Compliance Posture with a Maturity Model

In this guide, we will walk you through the reasoning, structure, and ways to leverage a maturity model, such as the HITRUST maturity model, to optimize your compliance posture.

Travis Good, MD

Travis Good, MD

Steps to Climbing the Maturity Model image
ACADEMY

Steps to Climbing the Maturity Model

Getting started with compliance on the cloud is easiest if you have a stepwise approach like the 5-level maturity model outlined in this post.

Travis Good, MD

Travis Good, MD