The latest version of the CSF framework is available on our website for qualified organizations. A qualified organization is defined as any organization employing a function or activity involving the use or disclosure of individually identifiable health information, provided that said organization does not provide security products or services. Additionally, any federal, state or local agency or department may be considered a qualified organization. HITRUST has the right to verify eligibility.
References: CSF Framework Download (Requires agreeing to the HITRUST CSF License Agreement)
If you are not sure whether your organization is qualified, please contact firstname.lastname@example.org or call 855-HITRUST.