The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.

HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. Individuals can access the CSF through HITRUST Central or with a subscription to MyCSF a secure, Web-based solution for performing assessments, managing remediation activities, and reporting and tracking compliance.

HITRUST is led by a seasoned management team and governed by a Board of Directors made up of leaders from across the healthcare industry and its supporters. These leaders represent the governance of the organization, but other founders also comprise the leadership to ensure the framework meets the short and long term needs of the entire industry.

Beyond the establishment of the CSF, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through education, advocacy and other outreach activities. Ultimately, an organization’s adoption of the CSF will establish confidence in its ability to ensure the security of personal health information.