What is HITRUST?
For those of you scratching your head, HITRUST is a private organization of providers (hospitals, physician practices, etc.) and payers (insurance companies) that created a certifiable framework for healthcare technology security, the HITRUST Common Security Framework or CSF. Additionally, HITRUST has championed programs focused on safeguarding health information and managing information risk while striving to give consumers confidence in the organizations that create, store and exchange their personal health information.
HITRUST operates with the specific intent to serve all healthcare industry leaders who recognize that information security is a fundamental component of data systems and exchanges. The CSF addresses the various security, privacy and regulatory challenges facing healthcare organizations in order to help them comply with HIPAA and NIST regulations. It is important to note that although HIPAA is part of HITRUST, the CSF does not guarantee or issue a certificate of compliance.
How is a Risk Analysis Related to HITRUST?
The road to achieving HITRUST certification has many requirements, and one of those is to complete a bona fide security risk analysis. Fundamental to any organization’s information compliance and risk management, a risk analysis ensures that appropriate controls are in place and fully aligned with the risks to which an organization is exposed.
Enter HIPAA One.
The HIPAA One risk analysis software suite is based on the Office for Civil Rights HIPAA Audit Protocol and NIST-based risk analysis. As such, it already includes up to 70% of the information and documentation required for certification. It is now possible to remove duplicate work and leverage your existing risk analysis to accelerate your organization’s path to HITRUST compliance.