What is HITRUST?
HITRUST is the Health Information Trust Alliance, a collaboration with healthcare, technology and information security leaders. They have established the Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data such as PHI (protected health information). The CSF includes a prescriptive set of controls that seek to harmonize the requirements of multiple regulations and standards, and has a set of increasing requirements depending on the size of the organization. The HITRUST CSF brings a universal framework that fully integrates HIPAA Security Rule requirements with the standards of ISO, NIST and many other federal and state requirements.
HITRUST also has their MyCSF tool, a GCR tool that allows organizations to upload and self-assess their compliance with the HITRUST CSF as they work toward HITRUST certification.