Summary

The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. Developed in collaboration with information security professionals across various industries, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.

Data security is a hot topic in every industry but has remained fragmented in terms of the systems used to enhance protection. Organizations now have an industry-wide platform that can be used across the board to implement these protections. Originally designed to manage regulatory compliance and risk for the healthcare industry, the HITRUST CSF has taken center stage in providing a solution to bring all regulatory requirements under one umbrella. Organizations outside of the healthcare industry have taken notice, providing leverage to expand into other industries.

With its recent release of the HITRUST CSF v9.2 update, this framework now unifies requirements across authoritative sources such as HIPAA/HITECH, ISO, NIST, PCI DSS, and COBIT. What does this mean? By unifying these frameworks, the system now works with organizations of all sizes and industries. Scalable in nature, it can handle all types of data, delivered in one comprehensive report.

Why the HITRUST CSF?

Organizations across industries have realized the similarities in cyber security threats. With so much at stake, the need to protect sensitive data is increasingly important. For companies who have interests beyond healthcare, the HITRUST CSF brings everything together in one place.

Benefits of the HITRUST CSF

The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. Developed in collaboration with information security professionals across various industries, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.

What makes the 9.2 version different?

The control language of previous versions focused on ePHI and the healthcare industry. This new version integrates data protection requirements from Europe’s General Data Protection Regulation (GDPR) and Singapore’s Personal Data Protection Act (PDPA), and the language is reworded to include all types of sensitive data, allowing for wider adoption across industries. This gives organizations that use the HITRUST CSF the ability to gain assurance over their information security and privacy practices.

Organizations that specialize in healthcare-related information can still perform ePHI-focused assessments but must select the Health Insurance Portability and Accountability Act (HIPAA) as an included regulatory risk factor. Non-healthcare-related organizations can remove the ePHI and healthcare language.

More changes are due down the line with the release of version 9.3 and version 10. Version 9.3 expands the number of authoritative sources included in the CSF to 44 by adding: the California Consumer Privacy Act (CCPA) 1798; the South Carolina Insurance Data Security Act 2018 (SCIDSA) 4655; and NIST SP 800-171 R2 (DFARS). Version 10 of HITRUST CSF will have two approaches for organizations to streamline their processes:

  • HITRUST Control Core: a blanket framework to be used by any industry.
  • HITRUST Control Core + Industry Focus: Customized framework incorporating additional control requirements based on industry or unique requirements.

Users can look to the Control Core + Industry Focus as a way to incorporate industry-specific best practices. It may also generate higher numbers of control requirements. This could take greater effort and expense. This version also takes a look into customer expectations, existing industry standards, and current program maturity as considerations.

Changes to boost visibility

These changes and updates from HITRUST can strengthen vendor relationships with their commitment to security. They provide a well-defined and consistent risk management framework to assist in benchmarking your organization’s cybersecurity program against other organizations, both inside and outside your industry. Because the framework is well-equipped to evaluate vendors and suppliers, it protects your organization and the third-party vendors already in the supply chain.

The HITRUST CSF also helps organizations boost confidence. Once a company has gone through the HITRUST Certification, this demonstrates to vendors that your organization is fully committed to data security. HITRUST Certification also helps organizations display their leadership to current and potential vendors, gaining trust and a reputation for being a forward-thinking organization that cares about protecting data security.

These enhancements help envision stronger data protection and information risk management practices in every industry with an established and highly recognized framework and assessment methodology that works. With an industry-standard solution in place, internal and external stakeholders will be more comfortable with organization management as they address their own industry-specific standards. Additionally, these organizations will be able to assess where they are in relation to existing and changing industry control requirements. This way, organizations can better communicate their security and privacy protocols, solidifying their position within the market.

Learn more about the benefits of having a CPA firm perform your HITRUST assessment, and how to streamline your SOC audit using the HITRUST CSF.

For more information on HITRUST CSF and how this platform can work for your organization, call us at 215-675-1400 or request a quote today.
