Last Updated on January 17, 2024
The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is steadily gaining traction in the healthcare industry, with major players like Anthem, Highmark, Humana and UnitedHealth Group requiring their business associates (BAs) to obtain HITRUST certification. This trend is likely to continue, driving more and more hospitals and other care providers to seek HITRUST compliance to avoid challenges with payers.
While hospitals face relentless and often highly damaging attacks from hackers, as well as significant compliance concerns, they also face unique budget challenges that make funding large information security projects difficult. Our experience has shown that, depending on how a hospital or hospital group is structured, achieving HITRUST compliance can be very complex and require significant resources, or be surprisingly straightforward.
As an aside, if you want to quickly find out how close your hospital is to HITRUST compliance, Pivot Point Security offers a simple HITRUST gap assessment specifically designed for hospitals to let administrators and cybersecurity leaders know exactly what they need to do to achieve compliance.
Why and How to Get Certified
HITRUST certification brings benefits beyond satisfying the demands of your healthcare partners. The framework covers both HIPAA and HITECH requirements and is cross-referenced with other security and data privacy regulations that may also impact your hospital. HITRUST’s holistic approach rationalizes the complexity, cost, and risk associated with compliance. In particular, HITRUST certification can save you time and money on HIPAA audits by enabling you to demonstrate exactly how your InfoSec program meets HIPAA requirements (or those of other overlapping standards, like PCI or NIST).
Perhaps the most fundamental question about HITRUST certification is: “Where do I begin?” Our proven HITRUST certification process will guide you through two phases, from identifying needs all the way to achieving compliance. To start developing a clear roadmap of the steps you need to take to become HITRUST-certified, contact us.
More HITRUST CSF Information:
- Does HITRUST certification mean we’re HIPAA-compliant?
- Be aware of a key HITRUST Consulting Challenge
- How HITRUST supports third-party risk management in healthcare
- Key differences between HITRUST and ISO 27001 for healthcare