HITRUST
HITRUST is a privately held company that created its own compliance framework called HITRUST CSF, which stands for “Common Security Framework.”
The company combines multiple security and privacy regulations into a prescriptive framework that can be used by any organization that handles sensitive data. Currently, the sources it incorporates include:
Federal legislation (e.g., HIPAA)
Federal agency rules and guidance (e.g., NIST)
State legislation (e.g., CCPA)
International regulation (e.g., GDPR)
Industry frameworks (e.g., PCI, COBIT)
MyCSF® Cybersecurity Assessment Tool
Process for HITRUST CSF
HITRUST CSF serves as a guide for attaining HIPAA or any other type of compliance. Through the HITRUST MyCSF portal, organizations can complete a self-assessment, which is similar to a scoping exercise, and select their preferred degree of assurance, validation, and certification.
The portal then recommends the administrative, technical, and physical controls required for compliance and assigns a HITRUST assessor to perform an audit.
With HITRUST CSF’s comprehensive approach, organizations are better able to familiarize themselves with and prepare for upcoming compliance requirements.