HITRUST Certification

HITRUST CERtification with VAnRein compliance

HITRUST certification enables vendors and covered entities to demonstrate compliance to HIPAA requirements based on a standardized framework.

What is HITRUST?

HITRUST stands for the Health Information Trust Alliance. It was founded in 2007 and uses the “HITRUST approach” to help organizations from all sectors–but especially healthcare–effectively manage data, information risk, and compliance. HITRUST was organized with the intent to provide an option for the healthcare sector to address information risk management across a matrix of third-party assurance assessments, with the hope of consolidating, reducing, and in some cases, eliminating the need for multiple reports. HITRUST refers to this design element as “assess once, report many.”

What is HITRUST CSF Certification

Organizations that create, access, store, or exchange sensitive information can use the HITRUST Common Security Framework (CSF) assessment as a roadmap to data security and compliance. The CSF is a certifiable (by security assessors) standard and was designed as a risk-based approach to organizational security–as opposed to a compliance-based approach. The HITRUST CSF assurance program combines aspects from common security frameworks like ISO, NIST, PCI, and HIPAA. Between the CSF’s 19 reporting domains are 149 control specifications which can each be assessed to one of three implementation levels.

How to get HITRUST certification?

What HITRUST calls the “HITRUST approach” provides organizations a comprehensive information risk management and compliance program. This blend of security and compliance mandates provides an integrated approach that ensures all programs are aligned, maintained, and comprehensively support an organization’s information risk management and compliance objectives. HITRUST certification requires an independent assessment. The length of the assessment depends on the size and complexity of an organization, its scope and the amount of counseling. According to HITRUST, the certification process can take an additional 6 weeks after an assessment is complete.