HITRUST certification is built around a prescriptive set of controls that are cross-mapped to the standards and regulations relevant to healthcare. The aim is to simplify the path to broad compliance with those laws and regulations while reducing the risks a typical hospital faces to an acceptable level. An over-simplified view is that HITRUST is a set of predefined controls for an assumed set of risks and compliance requirements, with IT-GRC-style mapping: a pre-customized CSF in a box. Compared with ISO 27001, HITRUST is somewhat simpler to adopt because the risks and their treatments are largely defined for you, whereas ISO 27001 expects the organization to identify and assess its own risks.
HITRUST is a compliance framework that incorporates ISO 27001, COBIT, NIST and a variety of other best-practice frameworks, together with the specific compliance requirements relevant to the healthcare industry (e.g., HIPAA and CMS requirements, PCI DSS, and ARRA/HITECH). HITRUST is produced by an alliance of healthcare payers, providers and vendors, so the framework is designed for healthcare by healthcare.