HITRUST works closely with NIST and we constantly analyze their documentation to see what additional guidance can be utilized. Many guidelines—most often those that are very technical or technology-specific—are typically outside the scope of the HITRUST CSF; however, HITRUST will review these practice guides, determine how HITRUST CSF adopters can best leverage this type of documentation, and provide supporting guidance to the healthcare community, e.g., through HITRUST Implementation Advisories, as needed.

For more information on the HITRUST approach to risk management, refer to the HITRUST Risk Management Frameworks and Understanding HITRUST’s Approach to Risk vs. Compliance-based Information Protection brochures.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment