HITRUST CSF Further Expands with the V9.2 Update
The HITRUST® team of experts has once again returned to the drawing board, working to improve and expand the HITRUST CSF.
On January 21, 2019, HITRUST announced the latest update, which is titled v9.2 in keeping with the version sequence. The update offers additional information and strategies to guide IT teams in their efforts to protect the vital electronic healthcare information in their respective organizations’ care.
The highly anticipated HITRUST CSF v9.2 largely focuses on leveraging its international standards in order to expand into new industries, such as media and entertainment, financial services, travel and hospitality, startups and telecommunications.
Summary of HITRUST CSF V9.2 Update
With this important update, the HITRUST team continues its fundamental efforts to ensure availability of a common information protection framework, which provides the necessary structure, clarity, cross-references and functionality to continually expand and leverage the foundation for improvements.
Standards such as ISO, NIST, PCI, HIPAA and COBIT continue to transform as a comprehensive set of baseline security controls to protect organizations and the data entrusted to them.
There are two key changes in this update, and they focus on the shift to an agnostic framework, along with the integration of international regulatory requirements.
- The HITRUST CSF v9.2 removes healthcare-specific regulatory requirements from all three implementation levels and places them in a different industry control segment. This change ensures that non-healthcare entities do not see these particular requirements in their assessment.
- In healthcare, language constantly adapts and evolves, as it does in any agnosticizing effort. The term “business associate,” for example, has been updated to “vendor,” while “PHI” has become known as “covered information.” To ease GDPR compliance, for instance, HITRUST CSF v9.2 provides plain-language versions of the requirements of the EU’s General Data Protection Regulation (GDPR), as well as Singapore’s Personal Data Protection Act (PDPA).
Additionally, HITRUST has included minor administrative updates, such as corrections of grammar or formatting errors, which are not generally included in the Summary of Changes.
The Impact of the HITRUST CSF V9.2 Update on Adapting to New Industries
This comprehensive framework began as a healthcare-related regulatory compendium, incorporating standards, regulations and policies from COBIT, HIPAA, ISO, NIST and PCI. The HITRUST CSF was intended to provide clarity and consistency while reducing the burden and stress of compliance with each of those requirements for healthcare organizations.
With this update, HITRUST CSF prepares to expand beyond the parameters of healthcare to help ease the strain of compliance for additional industries, such as finance, entertainment, manufacturing, travel and hospitality and more. These industries have never had the benefit of relying on a defined and industry-accepted information security framework to protect their electronic information.
V9.2 promises to now provide a whole range of industries a leap toward optimal and unprecedented protection, with this multidimensional information security, privacy and risk management framework.
What HITRUST CSF V9.2 Means for Your Organization
If your business is not in the healthcare sector, you may not currently have a standard controls framework to guide you toward optimal protection of any electronic information you keep. When you choose to pursue HITRUST CSF certification, you are setting your organization up for improved protection and exceptional brand reputation. Clients will appreciate your dedication to protecting their data when you go to extra lengths, such as investing in a framework built to help businesses provide protection.
Do You Need Help Getting Up to Speed with HITRUST CSF V9.2?
If anything in this round of HITRUST CSF updates is unclear, or you have any other questions regarding the framework, our I.S. Partners, LLC. team can help clear things up. The framework has become an essential tool across diverse industries and around the world, so it is crucial to keep up with the updates.
We know our clients stay busy with daily obligations and organizational goals, so we know how important it is for you to have a team you can rely on to help you protect your organization’s vital electronic information, for the sake of your clients and your reputation.