An all-in-one integrated framework covering compliance, trust, and cybersecurity

Hitrust CSF

HITRUST Alliance

The HITRUST Alliance (HITRUST) was formed by a consortium of healthcare organizations in 2007 to advocate programs that safeguard protected health information (PHI) and manage information risk for healthcare providers and their third-party service organizations.  The HITRUST Common Security Framework (CSF) is a certifiable framework that combines HIPAA, HITECH, PCI, COBIT, NIST, and FTC, among others.

HITRUST Framework & Compliance

In collaboration with information security leaders, HITRUST develops – and constantly updates – a single overarching security framework as a solution to compliance and risk management within healthcare and other industries.

An all-in-one integrated HITRUST framework that covers Compliance, Trust, and CyberSecurity.  Developed in collaboration with information security professionals, the HITRUST CSF justifies relevant regulations and standards into a single security framework.  Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and, regulatory HITRUST requirements.

HITRUST CSF can be used in the Healthcare, Finance, and Manufacturing industries and is continuing to evolve into other industries.  HITRUST CSF provides the needed structure, clarity, functionality and cross-reference to authoritative sources.

What is HITRUST CSF Certification?

Copeland Buhl’s HITRUST CSF assessors can assist your company with its HITRUST certification. HITRUST certification by the HITRUST Alliance enables vendors and covered entities to demonstrate compliance to HIPAA requirements based on a standardized framework. 

Organizations that create, access, store, or exchange sensitive information can use the HITRUST Common Security Framework (CSF) assessment as a roadmap to data security and compliance. The CSF is a certifiable standard and was designed as a risk-based approach to organizational security–as opposed to a compliance-based approach. The HITRUST CSF Assurance program combines aspects from common security frameworks like ISO, NIST, PCI, and HIPAA.

HITRUST Certification Process

Before starting the Certification process, we recommend the following assessments:

Hitrust CSF

Self-Assessment – Perform a HITRUST CSF Self-Assessment only, with no intention of performing a CSF Validated Assessment or seek CSF Certification

Readiness Assessment – HITRUST strongly recommends organizations conduct readiness assessments against all 135 CSF controls, rather than only those controls needed for certification.  This will help ensure both the approved HITRUST CSF Assessor and the assessed organization are always aware of the status of the information protection program and can readily support a CSF controls assessment, regardless of type (e.g., a security assessment used for certification or a comprehensive security assessment used to generate a regulatory scorecard).

Once you are ready for HITRUST Certification you can then choose from the following reports:

HITRUST Validated Report / MyCSF Portal – This report comes out of the HITRUST MyCSF tool and is validated by HITRUST

HITRUST Validated Report and Certification – organizations can obtain a HITRUST CSF certification report through an assessment by Copeland Buhl assessors and issuance of the certification report by HITRUST