The Health Information Trust Alliance, known as HITRUST, was founded in 2007. HITRUST aims to help organizations manage risk and compliance with the HITRUST Common Security Framework or HITRUST CSF.
The HITRUST CSF brings HIPAA compliance together with other security and privacy frameworks, such as NIST and ISO, to ensure organizations are properly conforming to HIPAA and other regulations. The certifiable framework is designed to provide a comprehensive yet flexible approach to regulatory compliance and risk management. It enables organizations with different risk profiles to customize security and privacy baselines based on organization type and size, as well as systems and regulatory requirements. Due to its flexibility and alignment with a variety of national and international regulations and standards, the HITRUST CSF has become a widely used privacy and security framework across all industries. It’s the most widely adopted security control framework in the U.S. healthcare industry, with more than 80 percent of hospitals and health plans having implemented it.
Because there is no true HIPAA certification, many organizations required to comply with HIPAA opt to pursue HITRUST CSF Certification. There are three stages in the HITRUST certification process:
Given that the HITRUST CSF is the most widely used security framework in the healthcare industry, several industry leaders now require HITRUST compliance of their Business Associates. As a result, HITRUST compliance is essential for businesses that partner with or provide services to many of the major companies in the healthcare sector.
Even for those that don’t require HITRUST compliance, having a HITRUST certification is a major selling point for companies seeking to do business in the healthcare industry, as it provides added reassurance that your company is compliant with not just HIPAA but also other relevant regulatory requirements and frameworks. No healthcare organization wants to put its patients’ sensitive data at risk, so partnering with and utilizing the services of companies that have proven HITRUST compliance is a smart and strategic business decision.