What is HITRUST?
HITRUST, or the Health Information Trust Alliance, is a privately held company located in the United States that, along with its partners, established the HITRUST CSF, a comprehensive, certifiable security framework that addresses the multitude of security, privacy, and regulatory challenges organizations face in complying with healthcare regulations. HITRUST CSF is a scalable, flexible framework that provides organizations with a comprehensive yet tailor-made approach to information risk management and compliance.
Why Does HITRUST Exist?
HITRUST was created to mature and standardize information security management in the healthcare sector, primarily because of the multitude of regulations such as HIPAA, HITECH, and state laws concerning the protection of health and payment card information. The goal is to simplify these regulations into a single framework that healthcare organizations can follow to ensure they are compliant and their data is secure.
Who Needs HITRUST?
HITRUST certification is mostly needed by organizations in the healthcare sector. This includes healthcare providers, organizations that deal with ePHI (electronic Protected Health Information), health insurance companies, and other vendors, such as software companies, in the healthcare industry. Achieving HITRUST CSF certification demonstrates to these organizations' clients, partners, and stakeholders that they have a world-class data protection and compliance program.
Application of HITRUST in Cloud Infrastructure and SaaS
In the context of cloud infrastructure and Software as a Service (SaaS), which are now common in the healthcare space, HITRUST provides important guidance. The framework requires that controls are in place to secure data at rest, in transit, and during processing. Moreover, it identifies the specific roles and privileges that need to be in place for those accessing the cloud services or SaaS. As a gold standard in healthcare security, a HITRUST CSF certification serves to reassure patients, healthcare providers, and vendors that their sensitive health information is being managed with the utmost security in mind.
The Commonality of HITRUST
HITRUST CSF has gained substantial acceptance as the definitive security and privacy framework in the healthcare industry. Many organizations are requiring their business associates to become HITRUST certified. This is clearly indicative of how HITRUST CSF has become a common measure of an organization's commitment to managing information risk and maintaining the highest level of data protection and regulatory compliance.