HITRUST

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by SnowyMeadows at 22:21, 5 September 2023 (HITRUST Validated Assessment Certifications: This section is sourced from a blog, reads like an advert, and is not of encyclopedic value). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

HITRUST is a privately held company located in Frisco, Texas, United States that, in collaboration with healthcare, technology and information security organizations, established the HITRUST CSF. The company claims the CSF is a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.

HITRUST originally served as an acronym for "Health Information Trust Alliance", but the company has since rebranded as simply HITRUST. HITRUST includes a for-profit division (HITRUST Services Corp) and a not-for-profit division (HITRUST Alliance).

The HITRUST CSF

The HITRUST CSF (created to stand for "Common Security Framework", since rebranded as simply the HITRUST CSF) is a prescriptive set of controls that meet the requirements of multiple regulations and standards.[1][2] The framework provides a way to comply with standards such as ISO/IEC 27000-series and HIPAA.[3][4] Since the HITRUST CSF incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards, some organizations utilize this framework to demonstrate their security and compliance in a consistent and streamlined manner.[5] Organizations can complete a self-assessment using the HITRUST framework, or they can engage with a HITRUST assessor for an external, third-party engagement.

HITRUST CSF has garnered criticism for being "cumbersome, expensive, arbitrary, unnecessarily complex", and using "outdated data".[6][4]

The current version of the CSF is v11, released in January 2023.

Executive Council

HITRUST is led by a management team and governed by an Executive Council made up of leaders from across a variety of industries. These leaders represent the governance of the organization, but other founders are also part of the leadership to ensure the framework meets the short- and long-term needs of the entire industry.

Executive Council members represent the following organizations:

References

  1. Bosworth, Seymour; Kabay, M. E.; Whyne, Eric (2014). Computer Security Handbook, Set. John Wiley & Sons. ISBN 9781118851746. Retrieved 16 May 2019.
  2. Snedaker, Susan (2013). Business Continuity and Disaster Recovery Planning for IT Professionals. Newnes. ISBN 9780124114517. Retrieved 17 May 2019.
  3. "What is HITRUST CSF Certification?". Datica Health. Retrieved 17 May 2019.
  4. Schreider, Tari (2017). Building Effective Cybersecurity Programs: A Security Manager's Handbook. Rothstein Publishing. ISBN 9781944480509. Retrieved 16 May 2019.
  5. "Microsoft Compliance. Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) (2019)".
  6. "Delaware Health Information Network Pursues HITRUST Certification". www.govtech.com. Retrieved 20 August 2019. In an open letter to the HITRUST Alliance written and posted to LinkedIn last year, a network security professional named Kamal Govindaswamy questioned the usefulness of the HITRUST CSF, describing it as "cumbersome, expensive, arbitrary, unnecessarily complex" and using "outdated data."