The HITRUST Alliance, a consortium of health information technology vendors, developed a certifiable security framework, the Common Security Framework (CSF), that can be implemented in any organization regardless of size or security governance maturity. Founded in 2007, HITRUST is a not-for-profit organization whose mission is “to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.”
The CSF incorporates current federal, state, third-party, international, and government agency security standards and regulations. The CSF is particularly useful for security self-assessments and for generating risk remediation action plans. Additionally, it is a reputed framework that Business Associates (BAs) can implement to demonstrate the quality of their data security practices to Covered Entities (CEs). Protect information assets and manage data-associated risks through an accepted security framework.
The HITRUST Common Security Framework (CSF) rationalizes health care relevant regulations and standards, such as NIST, HIPAA, and PCI-DSS, into a single, certifiable controls framework. This framework supports the Health Insurance Portability and Accountability Act (HIPAA), the US government’s security standards that all health plans, clearinghouses, and providers must follow. Standards are required at all stages of transmission and storage of health care information to help ensure integrity and confidentiality.
Health care providers increasingly have contractual obligations to become HITRUST certified, or at least to demonstrate that they are using a standard security framework such as the HITRUST CSF.
Health care providers can pursue certification through the HITRUST CSF Assurance program. A SOC 2 engagement carried out by an independent auditor adds value in that it integrates the AICPA Trust Services Criteria and the HITRUST CSF and can be used for certification purposes.
E Com Security Solutions is recognised as one of the market leaders in security, privacy, and internal control services. We have a dedicated practice of risk and control specialists with deep industry focus and experience. We have assisted over 4000 organisations on cyber security and privacy assessments, and our opinion stating that your operating controls meet HIPAA Security and Privacy standards is likely to reinforce customer confidence in your company.
E Com Security Solutions HITRUST CSF Certification not only fulfills contractual obligations but can also be used as a competitive differentiator. Healthcare providers can share the certification with their customers to set themselves apart from those who have not met such rigorous controls standards.