HITRUST explained

HITRUST is a privately held for-profit company located in Frisco, Texas, United States. It is solely owned by Daniel S. Nutkis, who is the President and CEO. HITRUST, in collaboration with healthcare, technology and information security organizations, established the HITRUST CSF. The company claims the CSF is a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.

HITRUST originally served as an acronym for "Health Information Trust Alliance", but the company has since rebranded as simply HITRUST. HITRUST includes a for-profit division (HITRUST Services Corp) and a not-for-profit division (HITRUST Alliance).

The HITRUST CSF

The HITRUST CSF (created to stand for "Common Security Framework", since rebranded as simply the HITRUST CSF) is a prescriptive set of controls that meet the requirements of multiple regulations and standards.[1] [2] The framework provides a way to comply with standards such as ISO/IEC 27000-series and HIPAA.[3] [4] Since the HITRUST CSF incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards, some organizations utilize this framework to demonstrate their security and compliance in a consistent and streamlined manner.[5] Organizations can complete a self-assessment using the HITRUST framework, or they can engage with a HITRUST assessor for an external, third-party engagement.

HITRUST CSF has garnered criticism for being "cumbersome, expensive, arbitrary, unnecessarily complex", and using "outdated data".[6]

The current version of the HITRUST Framework (HITRUST CSF®), 11.3, was released on April 16, 2024.[7]

Executive Council

HITRUST is led by a management team and governed by an Executive Council made up of leaders from across a variety of industries. These leaders represent the governance of the organization, but other founders are also part of the leadership to ensure the framework meets the short- and long-term needs of the entire industry.

Executive Council members represent the following organizations:

References

  1. Bosworth, Seymour; Kabay, M. E.; Whyne, Eric. Computer Security Handbook, Set. John Wiley & Sons, 2014. ISBN 9781118851746. 16 May 2019.
  2. Snedaker, Susan. Business Continuity and Disaster Recovery Planning for IT Professionals. Newnes, 2013. ISBN 9780124114517. 17 May 2019.
  3. "What is HITRUST CSF Certification?" Datica Health. 17 May 2019.
  4. Schreider, Tari. Building Effective Cybersecurity Programs: A Security Manager's Handbook. Rothstein Publishing, 2017. ISBN 9781944480509. 16 May 2019.
  5. Microsoft Compliance. Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) (2019).
  6. "Delaware Health Information Network Pursues HITRUST Certification." www.govtech.com. 20 August 2019. Quote: "In an open letter to the HITRUST Alliance written and posted to LinkedIn last year, a network security professional named Kamal Govindaswamy questioned the usefulness of the HITRUST CSF, describing it as “cumbersome, expensive, arbitrary, unnecessarily complex” and using “outdated data.”"
  7. "HITRUST Announces CSF v11.3.0." HITRUST Alliance. 22 April 2024.