Through HITRUST, the healthcare industry sought to create a control framework that was:
- Built specifically for the unique needs of healthcare
- Relevant through regular maintenance of supporting authoritative sources and changes in the threat environment
- Scalable to various sizes and types of organizations or systems in a controlled manner
- Tailorable through managed approvals of alternative (compensating) controls
- Based on compliance with control baselines intended to manage risk to an industry accepted level
- Capable of providing certifiable risk assurances to internal and external stakeholders, including regulators
- Supported by appropriate guidance and tools
For more information on HITRUST and the CSF, refer to the HITRUST Key Programs and Services guide.
Thanks for your feedback.