Reciprocity Labs zenGRC

Make Risk & Compliance Easy

Part 1 - Preparing for Your HITRUST Audit: A Step by Step Guide


The number-one healthcare security framework in the U.S., the Health Information Trust Alliance Common Security Framework (HITRUST CSF), is federally mandated for all healthcare providers that create, collect, store, or share personal health information (PHI).

HITRUST CSF is similar in intent to HIPAA, a framework that focuses on data and privacy; both aim to protect personal data from unauthorized access and theft. HITRUST CSF, however, specifically addresses information security. Its comprehensive amalgam of rules from HIPAA, NIST, PCI DSS, and ISO 27001, as well as from many state laws, aims to provide a uniform, structured process for managing data and systems security and compliance.

Although different specifications apply to different facilities—HITRUST CSF has three levels of specifications for medical providers of different sizes—we’ve created a comprehensive checklist of tasks and questions to help every organization sail through the rigorous audit with ease.