From Wikipedia, the free encyclopedia

HITRUST, created as an acronym for "Health Information Trust Alliance", is a privately held company located in Frisco, Texas, United States. In collaboration with healthcare, technology and information security leaders, it has established the HITRUST CSF, a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.


The HITRUST CSF (created to stand for "Common Security Framework") is a prescriptive set of controls that meet the requirements of multiple regulations and standards.[1][2] The framework provides a way to comply with ISO/IEC 27000-series and HIPAA standards.[3][4]

HITRUST CSF has garnered criticism for being "cumbersome, expensive, arbitrary, unnecessarily complex".[5][4]

Executive Council

HITRUST is led by a management team and governed by an Executive Council made up of leaders from across a variety of industries. These leaders represent the governance of the organization, but other founders are also part of the leadership to ensure the framework meets the short- and long-term needs of the entire industry.

Executive Council members represent the following organizations:


  1. Bosworth, Seymour; Kabay, M. E.; Whyne, Eric (2014). Computer Security Handbook, Set. John Wiley & Sons. ISBN 9781118851746. Retrieved 16 May 2019.
  2. Snedaker, Susan (2013). Business Continuity and Disaster Recovery Planning for IT Professionals. Newnes. ISBN 9780124114517. Retrieved 17 May 2019.
  3. "What is HITRUST CSF Certification?". Datica Health. Retrieved 17 May 2019.
  4. Schreider, Tari (2017). Building Effective Cybersecurity Programs: A Security Manager’s Handbook. Rothstein Publishing. ISBN 9781944480509. Retrieved 16 May 2019.
  5. "Delaware Health Information Network Pursues HITRUST Certification". www.govtech.com. Retrieved 20 August 2019.