Providers, Payors, PBMs, etc.

Healthcare organizations benefit from the HITRUST CSF – a scalable, prescriptive and certifiable framework specific to healthcare organizations. The MyCSF tool provides organizations of all types and sizes with a secure, web-based solution for accessing the CSF, performing assessments and managing compliance. HITRUST Academy educates individuals about information protection in the healthcare industry and utilization of the CSF to manage risk. The HITRUST Cyber Threat Intelligence and Incident Coordination Center provides cyber threat warning and intelligence services by informing them of general and sector-specific threats impacting the industry.

Texas Covered Entity Privacy and Security Certification

The Texas Health Services Authority (THSA) and HITRUST have partnered to develop and manage this program in accordance with Texas House Bill (HB) 300 passed in 2011. HITRUST has developed resources and tools to aid organization in understanding the requirements and preparing for and undergoing an assessment.

Read More


Business associates can streamline the compliance process and reduce costs with a standardized approach to performing assessments and reporting security controls by utilizing the MyCSF tool to perform a CSF assessment and report once against a multiple sets of requirements and to multiple entities. HITRUST Academy provides individuals with the knowledge and skills to utilize the CSF and perform assessments as well as general knowledge and skills for protecting health information.

Get started on an assessment

You can begin reporting your information security posture to multiple healthcare industry partners using a standardized and user-friendly set of tools and methodologies in 5 easy steps.

Learn More


Organizations can partner with HITRUST to provide trained resources to healthcare organizations of varying size and complexity to assess compliance with security control requirements, develop corrective action plans that align with the CSF, and provide remediation for organizations looking to be fully compliant with the myriad of authoritative sources incorporated into the HITRUST CSF. These organizations are called CSF Assessors and have met certain criteria as well as completed courses to become Certified CSF Practitioners.

Read more about becoming an assessor.


HITRUST Academy offers the only training courses designed to educate healthcare security professionals about information protection in the healthcare industry and the utilization of the HITRUST Common Security Framework (CSF) to manage risk.

Read More

HITRUST Announces CyberRX 2.0 Program

Published on: September 3, 2014 HITRUST announced today that over 750 healthcare organizations have signed-up to participate in the healthcare industry’s cyber attack simulation exercise, CyberRX 2.0, to begin in October 2014. This overwhelming response is the result of the success and important lessons learned from the inaugural CyberRX exercise held in April 2014. It…

Read More

The New Healthcare Vulnerability: Closing the Cybersecurity Leadership Gap

Published on: August 11, 2014 HITRUST and Southern Methodist University invest in strengthening the role of the healthcare CISO with new graduate program HITRUST, in partnership with Southern Methodist University’s (SMU) Cox School of Business, today announced the first Healthcare Information Security and Technology Risk Management Graduate Certificate Program. This new program was founded to…

Read More

Industry Working Group Addresses Demand to Align HITRUST CSF with AICPA’s SOC 2 Reporting

Published on: August 1, 2014 Healthcare organizations are seeking more efficiencies in the compliance reporting process while demand for CSF Certifications and SOC 2 reports is increasing The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection and responsible for the development of the Common…

Read More

Go To News Archive

Web Summit: Third Party Information Assurance

Published on: August 19, 2014 HITRUST is coordinating a web summit on October 7, 2014 at 1:00 PM Central Time to enable industry leaders to discuss the current environment, share lessons learned and approaches regarding the escalating issue of how best to improve compliance and efficiencies in business partner information protection. The event will include…

Read More

Managing Business Risk with HITRUST (Webinar)

Published on: July 1, 2014 Managing Business Risk with HITRUST (Webinar)

Read More

HITRUST CSF Assurance Program

Published on: July 1, 2014 HITRUST CSF Assurance Program

Read More

View Current Events View Past Events