The number-one healthcare security framework in the U.S., the Health Information Trust Alliance Common Security Framework (HITRUST CSF), is federally mandated for all healthcare providers that create, collect, store, or share personal health information (PHI).
HITRUST CSF is similar in intent to HIPAA, a framework that focuses on data and privacy; both aim to protect personal data from unauthorized access and theft. HITRUST CSF, however, specifically addresses information security. Its comprehensive amalgam of rules from HIPAA, NIST, PCI DSS, and ISO 27001, as well as from many state laws, aims to provide a uniform, structured process for managing data and systems security and compliance.
Although different specifications apply to different facilities—HITRUST CSF has three levels of specifications for medical providers of different sizes—we’ve created a comprehensive checklist of tasks and questions to help every organization sail through the rigorous audit with ease.