
HITRUST
Comprehensive security framework for healthcare and sensitive data
Overview
HITRUST CSF (Common Security Framework) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
The framework was created to address the multitude of security, privacy, and regulatory challenges facing organizations, particularly those in the healthcare industry.
HITRUST CSF harmonizes multiple standards and regulations, including HIPAA, NIST, ISO, PCI, GDPR, and others, into a single overarching framework.
Key Requirements
- Information Protection Program
- Endpoint Protection
- Portable Media Security
- Mobile Device Security
- Wireless Security
- Configuration Management
- Vulnerability Management
- Network Protection
- Transmission Protection
- Password Management
- Access Control
- Audit Logging & Monitoring
- Education, Training & Awareness
- Third Party Assurance
- Incident Management
- Business Continuity & Disaster Recovery
Frequently Asked Questions
- Governing Body: HITRUST Alliance
- Assessment Types: Self-Assessment, Validated Assessment, Certified Assessment
- Certification Period: 2 years with interim assessment at 1 year
- Control Categories: 19 domains with over 150 control references
- Maturity Levels: Policy, Procedure, Implementation, Measurement, Management
- Healthcare providers and hospitals
- Health insurance companies
- Healthcare technology companies
- Business associates handling protected health information (PHI)
- Pharmaceutical and life sciences organizations
- Healthcare clearinghouses
- Any organization handling sensitive healthcare data
HITRUST Readiness Assessment
Comprehensive evaluation of your current security posture against HITRUST CSF requirements to identify gaps and develop a remediation plan.
HITRUST Implementation Support
Hands-on assistance with implementing the necessary controls and processes to meet HITRUST CSF requirements.
Documentation Development
Creation of comprehensive policies, procedures, and other documentation required for HITRUST assessment.
Assessment Preparation
Thorough preparation for your HITRUST assessment, including documentation review, evidence collection, and mock assessments.
Remediation Support
Expert guidance and support to address any gaps or deficiencies identified during the assessment process.