If you’re thinking about embarking on your HITRUST Common Security Framework (CSF) certification process, you’re probably wondering how much it’ll set you back. It’s an important consideration and, frankly, may force a decision not to certify your organization’s security controls against the HITRUST CSF. I think it’s critical to make the case for an informed […]
Depending on who you talk to, the definition of a HITRUST “Gap Assessment” may sound very different. That’s because the HITRUST CSF nomenclature departs slightly from common security parlance. That’s a good thing, in my opinion, because the HITRUST CSF is exacting with pre- and post-certification process requirements. In this article, we’ll dig into what
There have been a slew of healthcare organizations that have experienced data breaches over the past decade. Some of those are mundane: misprinted and mismailed information or a phone call to the incorrect recipient. However, as healthcare organizations become increasingly sophisticated and use more technology more often to support operations, errors or attacks against that
HITRUST just released its 11th version of HITRUST cybersecurity framework or HITRUST CSF. One of the major changes in version 11 is the removal of the HITRUST bC assessment and its replacement with the new HITRUST e1. Let’s dive into some high-level information about what the HITRUST e1 assessment is, why an organization would pursue
The HITRUST Common Security Framework (CSF) was created by the Health Information Trust Alliance (or HITRUST Alliance) to provide a formal certification process for an information security program. HITRUST certification provides a high degree of confidence in the verified ability of an organization to meet its regulatory compliance needs and ability to implement reasonable safeguards.
If you’ve reached this page you’re likely wondering: how do I provide independent verification and validation of my organization’s security controls? Both HITRUST certification and a SOC 2 assessment are great ways to accomplish that need. Both accomplish that in completely different ways: In this article, I’ll provide some opinions about why you’d choose one
The road to HITRUST can be confusing for many, but it’s a worthwhile journey. The HITRUST Alliance provides a wealth of materials outlining what certification means and how to achieve it. If you’re considering HITRUST certification, I’d highly recommend that you pursue those materials. Eventually, you’ll need to. In this article, I’ll help you understand
Navigating HIPAA compliance and HITRUST certification can be difficult. Numerous solutions purport to provide one certification or the other, but what does that mean for you and your business? In this article, we’ll cover what HIPAA and HITRUST are, what HITRUST certification and HIPAA compliance mean under each standard, and how each benefits the healthcare