Why HITRUST?
The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
The Hitrust Csf
- Includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements, including ISO, NIST, PCI, HIPAA, and COBIT and State laws
- Scales controls according to type, size and complexity of an organization
- Provides prescriptive requirements to ensure clarity
- Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds
- Allows for the adoption of alternate controls when necessary
- Evolves according to user input and changing conditions in the healthcare industry and regulatory environment on an annual basis
- Provides an industry-wide approach for managing Business Associate compliance
Delivery Methods
Get a Free Consultation!
Option 1
CSF Validation & Certification
- Streamlined validation execution
- Fortified serves as liaison with HITRUST Alliance
- Assistance with CSF control compliance best practice
- Continuous, clear, concise communication throughout process
- Demonstrable value to your security program
- Compliant with the HIPAA Security Rule for completion of a risk analysis
- Satisfies HIPAA Security Rule requirement of continuous evaluation and management of organizational risk
Option 2
CSF Self-Assessment Assistance
- Fortified serves as liaison with HITRUST Alliance
- Assistance with CSF control compliance best practice
- Continuous, clear, concise communication throughout process
- Value to your security program
- Compliant with the HIPAA Security Rule for completion of a risk analysis
- Satisfies HIPAA Security Rule requirement of continuous evaluation and management of organizational risk