HITRUST is a certifiable framework that can be used by organisations that create, assess, store or exchange personal health and financial information. It ensures that information security becomes a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges by addressing specific challenges such as concern over current breaches, numerous and sometimes inconsistent requirements and standards, compliance issues, and the growing risk and liability associated with information security in the healthcare industry.
The HITRUST CSF is organized by 14 Control Categories, which contain 45 Control Objectives and 149 Control Specifications based on ISO/IEC 27001:2005 and 27002:2005. Each Control Specification consists of as many as three implementation levels applied to healthcare organizations according to specific organizational, system and regulatory factors.
HITRUST also provides detailed assessment guidance and cross-references to the many authoritative sources incorporated into the framework.
The HITRUST CSF is applicable to healthcare organizations of varying size and complexity due to incorporation of all major healthcare information security-related requirements and best practices.
Analyse the process:
The management committee defines which kind of audit is to be performed, as well as the allocation of proper resources for the audit.
Determine the scope of applicability to the business from the 19 HITRUST domains, dozens of controls, and 700+ potential requirements that may apply to the company. These controls vary depending on the type of company and the products being certified.
Completion of CSF
Documentation, along with implementation of the included policies, risk assessments, technical documentation and configurations, is required to complete the CSF. In the initial phases, the entire process takes around 3-6 months for the first year. However, subsequent audits require only 2 months.
Once the CSF requirements are met under the guidance of the assessor, the validation process follows, which requires submission of all the necessary documents.
The personnel at the HITRUST Alliance will audit the submission to release the HITRUST CSF certificate.