HITRUST

Health Information Trust Alliance

The Health Information Trust Alliance (HITRUST) has established a Common Security Framework (CSF) that can be used by any organization that creates, accesses, stores, or exchanges sensitive and/or regulated health-related data.

The CSF includes a prescriptive set of controls that harmonizes the requirements of multiple regulations and standards; organizations that comply with those requirements may achieve HITRUST Certification.

HITRUST Certification

What are the benefits of HITRUST CERTIFICATION?

  • Reduced time and resources dedicated for audits
  • Meet customer requirements through compliance
  • Better understanding of risks and growth opportunities of an organization
  • Enhanced security systems for better credibility and brand reputation
  • Simplified compliance process for better healthcare services

Who can get HITRUST CERTIFICATION?

HITRUST is a common framework built through collaboration across the healthcare, information security and business technology fields, intended for any organization that creates, accesses, stores or exchanges Protected Health Information (PHI) safely and securely.

What are the requirements of HITRUST CERTIFICATION?

The HITRUST CSF includes control objectives and control specifications drawn from multiple combined references such as ISO 27001, ISO 27002, ISO 27799 (Health Informatics), the NIST SP 800 series, the HIPAA Omnibus Rule, PCI and other standards, which are integrated and normalized into specific controls.

The HITRUST CSF defines 14 security Control Categories, each comprising Control Objectives and Control Specifications.

HITRUST recommends a comprehensive risk management approach that involves a 4-step process:

  1. Identify risks and define the protection requirements
  2. Specify controls
  3. Implement and manage controls
  4. Assess and report

Implementation of HITRUST is categorized into three levels, determined by three kinds of risk factors:

  1. Organization factors
  2. System factors
  3. Regulatory factors

The three levels of HITRUST compliance requirements:

Level 1: The minimum security requirements for any system. A system must meet all HIPAA Security Rule requirements to be compliant with Level 1 of HITRUST.

Level 2: All the functionality and controls of Level 1, but with enhanced strength of functionality and controls. Level 2 is only required for an organization whose organizational, system and regulatory factors carry increased risk and complexity compared to Level 1.

Level 3: All the functionality and controls of Level 2, but with enhanced or additional strength of functionality and controls. Level 3 is only required for an organization whose organizational, system and regulatory factors carry increased risk and complexity compared to Level 2.

ISO 27001 Certification

What is ISO 27001 Certification?

A management system standard that defines specifications for information security: the basic framework of a set of policies, practices and procedures, including regulatory requirements and physical, technical and administrative controls.

How to be GDPR Compliant?

An EU law that protects and secures the personal data, privacy and security of all individual citizens in the EEA. It was introduced primarily to govern the processing of personal data of individuals in the EEA region.

How to get an ISO Certification?

Here we guide our readers on how to get an ISO certification without much hassle, covering the different aspects that matter during ISO certification.

VAPT – EVIDENCE OF TECHNICAL SECURITY

What is VAPT, and what are VAPT tools? What is the difference between VA and PT? How can VAPT be done internally, externally and by a third party? What are black box, grey box and white box VAPT?
