HITRUST is a privately held company located in Frisco, Texas, United States that, in collaboration with healthcare, technology and information security organizations, established the HITRUST CSF. The company claims the CSF is a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.
HITRUST originally served as an acronym for "Health Information Trust Alliance", but the company has since rebranded as simply HITRUST. HITRUST includes a for-profit division (HITRUST Services Corp) and a not-for-profit division (HITRUST Alliance).
The HITRUST CSF
The HITRUST CSF (created to stand for "Common Security Framework", since rebranded as simply the HITRUST CSF) is a prescriptive set of controls that meet the requirements of multiple regulations and standards. The framework provides a way to comply with standards such as ISO/IEC 27000-series and HIPAA. Since the HITRUST CSF incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards, some organizations utilize this framework to demonstrate their security and compliance in a consistent and streamlined manner.
HITRUST is led by a management team and governed by an Executive Council made up of leaders from across a variety of industries. These leaders represent the governance of the organization, but other founders are also part of the leadership to ensure the framework meets the short- and long-term needs of the entire industry.
Executive Council members represent the following organizations:
In an open letter to the HITRUST Alliance written and posted to LinkedIn last year, a network security professional named Kamal Govindaswamy questioned the usefulness of the HITRUST CSF, describing it as “cumbersome, expensive, arbitrary, unnecessarily complex” and using “outdated data.”