Hitrust Security Framework

The health information trust alliance hitrust is expecting a continuous demand for csf certification thanks to the third party assurance requirements from major health organizations.

Hitrust security framework.

Between the csf s 19 reporting domains are 149 control specifications which can each be assessed to one of three implementation levels. Hitrust is a privately held company located in frisco texas united states that in collaboration with healthcare technology and information security organizations established the hitrust csf. Download the hitrust csf v9 4 free of charge. The hitrust csf assurance program combines aspects from common security frameworks like iso nist pci and hipaa.

Roughly 38 000 common security framework csf assessments have been performed in the last three years. Hitrust created and maintains the common security framework csf a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner. Hitrust believes these changes are consistent with the letter and intent of the president s executive order on improving critical infrastructure cybersecurity which is to help raise the bar for security and privacy protection in the private sector and improve the nation s resilience to ever increasing cybersecurity threats. Hitrust march 1 2010 2 2 cloud security alliance controls matrix v1 0 joint commission formerly jcaho information management state of nevada nrs 603a hitrust september 10 2010 3 0 cms is ars v1 appendix a high hitrust december 1 2010 3 1 pci dss v2 0 hitrust august 4 2011 4 0 nist sp 800 53 r3 hie wg recommendations.

The company claims csf is a comprehensive prescriptive and certifiable framework that can be used by all organizations that create access store or exchange sensitive and or regulated data. The hitrust csf provides the structure transparency guidance and cross references to authoritative sources organizations globally need to be certain of their data protection compliance. The health information trust alliance hitrust is an organization governed by representatives from the healthcare industry. Hitrust in collaboration with private sector government technology and information privacy and security leaders has established the hitrust csf a certifiable framework that can be used by any organization that creates accesses stores or exchanges sensitive information.

Due to this hitrust csf has become a widely adopted security and privacy framework across industries globally. Read about the hitrust common security framework here. The course is required for individuals working as part of a hitrust authorized external assessor organization that wishes to provide hitrust and csf related services. It is also for those organizations that plan to leverage the framework and process internally.