The Health Information Trust Alliance, known as HITRUST, was founded in 2007. HITRUST aims to help organizations manage risk and compliance with the HITRUST Common Security Framework or HITRUST CSF.
The HITRUST CSF brings HIPAA compliance together with other security and privacy frameworks, such as NIST and ISO, to ensure organizations are properly conforming to HIPAA and other regulations. The certifiable framework is designed to provide a comprehensive yet flexible approach to regulatory compliance and risk management. It enables organizations with different risk profiles to customize security and privacy baselines based on organization type and size, as well as systems and regulatory requirements. Due to its flexibility and alignment with a variety of national and international regulations and standards, the HITRUST CSF has become a widely used privacy and security framework across all industries. It’s the most widely adopted security control framework in the U.S. healthcare industry, with more than 80 percent of hospitals and health plans having implemented it.
Because there is no true HIPAA certification, many organizations required to comply with HIPAA opt to pursue HITRUST CSF Certification. There are three stages in the HITRUST certification process:
Given that the HITRUST CSF is the most widely used security framework in the healthcare industry, several industry leaders now require HITRUST compliance of their Business Associates. As a result, HITRUST compliance is essential for businesses that partner with or provide services to many of the major companies in the healthcare sector.
Even for those that don’t require HITRUST compliance, having a HITRUST certification is a major selling point for companies seeking to do business in the healthcare industry, as it provides added reassurance that your company is compliant with not just HIPAA but also other relevant regulatory requirements and frameworks. No healthcare organization wants to put its patients’ sensitive data at risk, so partnering with and utilizing the services of companies that have proven HITRUST compliance is a smart and strategic business decision.
The HITRUST CSF is a framework designed and created to streamline regulatory compliance. Companies that implement HITRUST CSF controls and strive to meet HITRUST requirements are better equipped for audits and lower their regulatory risk, but what are those requirements?
The HITRUST certification is the highest Degree of Assurance a company can obtain. The HITRUST certification is increasingly required of business associates by some entities, such as health insurance providers, in order to ensure that business associates have adequate security controls and protections in place to protect sensitive personal data.
Most don't realize HITRUST is not a framework at all, but an organization comprised of healthcare industry leaders. Let's dive into the HITRUST CSF Framework, developed by the HITRUST organization, in partnership with other technology and information security leaders.
This guide is intended to give developers a simple way to configure their Cosmos DB service to be HITRUST CSF ready. In this guide we’ll walk through the requirements, controls, and configurations for Azure Cosmos DB.
This guide is intended to give developers an easy-to-understand, step-by-step runbook for configuring their AWS RDS instance to be HITRUST CSF ready. In the following sections we’ll walk through the requirements, controls, and configurations for RDS.