Through HITRUST, the healthcare industry sought to create a control framework that was:

  • Built specifically for the unique needs of healthcare
  • Relevant through regular maintenance of supporting authoritative sources and changes in the threat environment
  • Scalable to various sizes and types of organizations or systems in a controlled manner
  • Tailorable through managed approvals of alternative (compensating) controls
  • Based on compliance with control baselines intended to manage risk to an industry accepted level
  • Capable of providing certifiable risk assurances to internal and external stakeholders, including regulators
  • Supported by appropriate guidance and tools

For more information on HITRUST and the CSF, refer to the HITRUST Key Programs and Services guide.

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment