Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. For more information, visit HITRUSTalliance.net.
HITRUST, in collaboration with public and private health care technology, privacy, and information security leaders, has established the Common Security Framework (CSF). The CSF is a certifiable risk and compliance management framework that can be used by organizations that create, access, store, or exchange protected health information (ePHI). The framework harmonizes the requirements of existing federal and state regulations including HIPAA, HITECH, PCI, and COBIT.
The CSF Assurance Program includes the risk management oversight and assessment methodology governed by HITRUST and designed for the unique regulatory and business needs of the healthcare industry. HITRUST CSF certification provides an independent verification of security controls using a qualified third party CSF Assessor to perform onsite testing. It helps healthcare organizations and their business associates by affirming adherence to an industry-developed and supported security framework, reducing the administrative burden of completing costly audits.