Company:HITRUST

HITRUST is a privately held company located in Frisco, Texas, United States that, in collaboration with healthcare, technology and information security organizations, established the HITRUST CSF. The company claims the CSF is a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.

HITRUST originally served as an acronym for "Health Information Trust Alliance", but the company has since rebranded as simply HITRUST. HITRUST includes a for-profit division (HITRUST Services Corp) and a not-for-profit division (HITRUST Alliance).

The HITRUST CSF

The HITRUST CSF (created to stand for "Common Security Framework", since rebranded as simply the HITRUST CSF) is a prescriptive set of controls that meet the requirements of multiple regulations and standards.[1][2] The framework provides a way to comply with standards such as the ISO/IEC 27000 series and HIPAA.[3][4] Since the HITRUST CSF incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards, some organizations utilize this framework to demonstrate their security and compliance in a consistent and streamlined manner.[5] Organizations can complete a self-assessment using the HITRUST framework, or they can engage with a HITRUST assessor for an external, third-party engagement.

HITRUST CSF has garnered criticism for being "cumbersome, expensive, arbitrary, unnecessarily complex", and using "outdated data".[6][4]

The current version of the CSF is v11, released in January 2023.

Executive Council

HITRUST is led by a management team and governed by an Executive Council made up of leaders from across a variety of industries. These leaders represent the governance of the organization, but other founders also comprise the leadership to ensure the framework meets the short- and long-term needs of the entire industry.

Executive Council members represent the following organizations:


References

  1. Bosworth, Seymour; Kabay, M. E.; Whyne, Eric (2014). Computer Security Handbook, Set. John Wiley & Sons. ISBN 9781118851746. https://books.google.com/books?id=yKQ6AwAAQBAJ&dq=hitrust&pg=PT2502. Retrieved 16 May 2019.
  2. Snedaker, Susan (2013). Business Continuity and Disaster Recovery Planning for IT Professionals. Newnes. ISBN 9780124114517. https://books.google.com/books?id=vT8TAAAAQBAJ&dq=ISO+27000+hitrust&pg=PA324. Retrieved 17 May 2019.
  3. "What is HITRUST CSF Certification?". https://content.datica.com/what-is-hitrust-csf-certification. Retrieved 17 May 2019.
  4. Schreider, Tari (2017). Building Effective Cybersecurity Programs: A Security Manager's Handbook. Rothstein Publishing. ISBN 9781944480509. https://books.google.com/books?id=R8E6DwAAQBAJ&dq=hitrust&pg=PT53. Retrieved 16 May 2019.
  5. "Microsoft Compliance. Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) (2019)". https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-hitrust.
  6. "Delaware Health Information Network Pursues HITRUST Certification". https://www.govtech.com/security/Delaware-Health-Information-Network-Pursues-HITRUST-Certification.html. Retrieved 20 August 2019. "In an open letter to the HITRUST Alliance written and posted to LinkedIn last year, a network security professional named Kamal Govindaswamy questioned the usefulness of the HITRUST CSF, describing it as “cumbersome, expensive, arbitrary, unnecessarily complex” and using “outdated data.”"