Back to Basics: What is HITRUST?
A-LIGN’s HITRUST Assessors are often asked: What is HITRUST and why do I need it? As healthcare organizations face stricter regulatory needs in light of an increase in healthcare-related breaches, many organizations are considering HITRUST as an option for risk management and mitigation.
What is HITRUST?
HITRUST, or the Health Information Trust Alliance, was created in order to develop a consistent system for healthcare organizations and business associates to manage information security. The scalable framework is valuable to any organization that creates, accesses, stores or exchanges personal health information or financial information.
HITRUST uses many existing standards and regulations as a framework, such as HIPAA, HITECH, PCI DSS, COBIT, NIST, ISO and more. By utilizing a variety of standards, the HITRUST Common Security Framework (CSF) offers extensive certification options for organizations. These include a variety of different implementation requirements that depend on the risks that your organization faces, as well as prescriptive requirements that ensure clarity. Controls can be modified based on organization size and type, system and regulatory requirements.
Who requests that I become HITRUST certified?
Organizations are typically asked by their partners and/or business associates to provide a CSF Assurance report. For example, large healthcare organizations such as Anthem Inc., Health Care Services Corp., and Highmark Inc., are requiring that their business associates take steps to become HITRUST CSF compliant.
Why do I have to do it?
Many organizations require that their business associates and partners utilize HITRUST as a consistent information security system. As a result, becoming HITRUST compliant allows your organization a point of differentiation amongst competition.
Additionally, becoming HITRUST compliance allows your organization to minimize the risk of a potential breach, which can be damaging to client relationships and the reputation of your organization. Click here to learn more about our HITRUST services.