HITRUST certification is built around a prescriptive set of controls that are cross-mapped to the standards and regulations relevant to healthcare. The aim is to simplify the path to broad compliance with those laws and regulations while reducing the risks a typical hospital faces to an acceptable level. An oversimplified view is that HITRUST is a set of predefined controls for an assumed set of risks and compliance requirements, with an IT-GRC-like mapping between them: a pre-customized CSF in a box. HITRUST has an advantage over ISO 27001 in being somewhat “simpler”, because the risks and their treatments are largely defined for you rather than left to your own risk assessment.
HITRUST is a compliance framework that incorporates ISO 27001, COBIT, NIST and a variety of other best-practice frameworks, together with specific compliance requirements relevant to the healthcare industry (e.g., HIPAA/CMS and NIST, PCI-DSS, and ARRA/HITECH). HITRUST is produced by an alliance of healthcare payers, providers and vendors, so the HITRUST compliance framework is designed for healthcare by healthcare.
HITRUST Downloadable Resources
- Third Party Vendor Risk Management
- ISO 27001 Implementation Roadmap
- An Introduction to ISO 27001
- Driven To ISO 27001 – Driven By ISO 27001
- Is ISO 27001 Right for (Y)our Organization?
- ISO 27001 Case Study