Hitrust in collaboration with private sector government technology and information privacy and security leaders has established the hitrust csf a certifiable framework that can be used by any organization that creates accesses stores or exchanges sensitive information.
Hitrust security framework.
Hitrust created and maintains the common security framework csf a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner.
Download the hitrust csf v9 4 free of charge.
The governing body further added that the requests for combining soc 2 and hitrust reports are also.
Between the csf s 19 reporting domains are 149 control specifications which can each be assessed to one of three implementation levels.
Hitrust believes these changes are consistent with the letter and intent of the president s executive order on improving critical infrastructure cybersecurity which is to help raise the bar for security and privacy protection in the private sector and improve the nation s resilience to ever increasing cybersecurity threats.
The hitrust csf provides the structure transparency guidance and cross references to authoritative sources organizations globally need to be certain of their data protection compliance.
Roughly 38 000 common security framework csf assessments have been performed in the last three years.
The course is required for individuals working as part of a hitrust authorized external assessor organization that wishes to provide hitrust and csf related services.
The health information trust alliance hitrust is an organization governed by representatives from the healthcare industry.
It is also for those organizations that plan to leverage the framework and process internally.
October 28 2014 the hitrust common security framework csf is an important tool that healthcare organizations of all sizes can use in their approach to regulatory compliance and risk.
The cost for the certified csf practitioner course is 3 000.
The company claims csf is a comprehensive prescriptive and certifiable framework that can be used by all organizations that create access store or exchange sensitive and or regulated data.
Hitrust march 1 2010 2 2 cloud security alliance controls matrix v1 0 joint commission formerly jcaho information management state of nevada nrs 603a hitrust september 10 2010 3 0 cms is ars v1 appendix a high hitrust december 1 2010 3 1 pci dss v2 0 hitrust august 4 2011 4 0 nist sp 800 53 r3 hie wg recommendations.
The health information trust alliance hitrust is expecting a continuous demand for csf certification thanks to the third party assurance requirements from major health organizations.
The hitrust csf assurance program combines aspects from common security frameworks like iso nist pci and hipaa.