What is HITRUST?

HITRUST stands for the Health Information Trust Alliance. It is not a regulation or framework, but an organization. The HITRUST Alliance champions programs that support global organizations’ information risk management and compliance objectives through the development and maintenance of common risk and compliance frameworks, assessments and assurance methods, including the Common Security Framework (CSF), which forms the foundation of all HITRUST services.

Taking a combined risk- and compliance-based approach, the HITRUST CSF brings together federal and state regulations and risk-based third-party and other standards into a single security framework that can be tailored to be most relevant to and appropriate for any given organization. The HITRUST CSF:

  • Includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements, including ISO, NIST, PCI, HIPAA and State laws
  • Scales controls according to type, size and complexity of an organization
  • Provides prescriptive requirements to ensure clarity
  • Follows a risk-based approach offering multiple levels of implementation requirements determined by specific risk thresholds
  • Allows for the adoption of alternate controls when necessary
  • Evolves according to user input and changing conditions in the industry and regulatory environment on an annual basis
  • Provides an industry-wide approach for managing Business Associate compliance


What does HITRUST/CSF compliance look like?

HITRUST CSF assessment and certification is the strongest and most easily recognizable way in which HIPAA-covered entities (and their business associates) can effectively demonstrate they are taking the necessary steps to prioritize the security of electronic protected health information (ePHI) at all times through the implementation of all required administrative, physical and technological safeguards. See our HIPAA page to learn more about the definitions of “covered entity” and “business associate”.


How can Pointe Solutions help you with your HITRUST compliance?

The team at Pointe Solutions is here to help you achieve and maintain HITRUST CSF certification. Our certified HITRUST CSF assessors work with you through interviews, documentation review and testing to pull together an accurate picture of your information security program in terms of compliance, identifying where improvements could be made to further reduce risk. We are here to support you every step of the way to achieve and maintain compliance in an area that can seem overwhelming at first.

Pointe Solutions