What is HITRUST®?
What is HITRUST CSF®?
- HITRUST is a security and privacy framework that applies across all industries (not only healthcare). HITRUST was built upon the International Organization for Standardization (ISO) framework and the National Institute of Standards and Technology (NIST) framework, but it has expanded to include other regulatory advancements such as HIPAA privacy, security and breach notification rules, MARS-E, NIST AI RMF, FedRAMP and StateRAMP, to name just a few of the 50+ regulatory factors that can be scoped into an assessment. HITRUST aims to standardize requirements and is a certifiable framework.
What is the most recent version of HITRUST?
- As of November 2024, the most recent version of the HITRUST CSF is version 11. Subscribers of HITRUST can be certified on lower versions of the HITRUST CSF through April 2025. This only applies to version 9.5.0 and version 9.6.2.
What are the differences between HITRUST and other assurance programs?
- As an assessor, Baker Tilly executes the HITRUST certifiable validated assessments under non-attest standards (vs. the American Institute of Certified Public Accountants (AICPA)). HITRUST is the organization that provides its certification of the report, not the assessor.
What is the MyCSF® tool?
- MyCSF is an online Software as a Service (SaaS) application that HITRUST owns and supports. Once an organization becomes a subscriber to HITRUST, it will gain access to the online tool. This is the only way to efficiently tailor an assessment and generate the control requirements. The tool maintains the administrative requirements along with the selected factors used for scoping an assessment, a library of documentation and maturity of controls and domains.
HITRUST offers different levels of assessments, as indicated below (e1, i1, and r2), to cater to varying levels of risk and contractual needs. Also, HITRUST may update the current version multiple times a year to account for new regulatory requirements.