An all-in-one integrated framework covering compliance, trust, and cybersecurity

The HITRUST Alliance (HITRUST) was formed by a consortium of healthcare organizations in 2007 to advocate programs that safeguard protected health information (PHI) and manage information risk for healthcare providers and their third-party service organizations.  The HITRUST Common Security Framework (CSF) is a certifiable framework that combines HIPAA, HITECH, PCI, COBIT, NIST, and FTC, among others. In collaboration with information security leaders, HITRUST develops – and constantly updates – a single overarching security framework as a solution to compliance and risk management within healthcare and other industries.

An all in one integrated framework that covers Compliance, Trust, and CyberSecurity.  Developed in collaboration with information security professionals, the HITRUST CSF justifies relevant regulations and standards into a single security framework.  Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and, regulatory requirements.

HITRUST CSF can be used in the Healthcare, Finance, and Manufacturing industries and is continuing to evolve into other industries.  HITRUST CSF provides the needed structure, clarity, functionality and cross-reference to authoritative sources.

Copeland Buhl’s HITRUST CSF assessors can assist your company with its HITRUST certification.  Before starting the Certification process, we recommend the following assessments.

Self-Assessment – Perform a HITRUST CSF Self-Assessment only, with no intention of performing a CSF Validated Assessment or seek CSF Certification

Readiness Assessment – HITRUST strongly recommends organizations conduct readiness assessments against all 135 CSF controls, rather than only those controls needed for certification.  This will help ensure both the approved HITRUST CSF Assessor and the assessed organization are always aware of the status of the information protection program and can readily support a CSF controls assessment, regardless of type (e.g., a security assessment used for certification or a comprehensive security assessment used to generate a regulatory scorecard).

Once you are ready for HITRUST Certification you can then choose from the following reports:

HITRUST Validated Report – This report comes out of the MyCSF tool and is validated by HITRUST

HITRUST Validated Report and Certification – organizations can obtain a HITRUST CSF certification report through an assessment by Copeland Buhl assessors and issuance of the certification report by HITRUST