HITRUST Academy: Training for Practitioners

A comprehensive 5-day class, HITRUST Training for Practitioners educates healthcare security professionals about information protection in the healthcare industry and utilizing the Common Security Framework (CSF) to manage risks. Participants will develop competency to implement policies, procedures and technical controls for the purpose of attaining HITRUST certification.

The HITRUST Training for Practitioners Course is open to individuals from organizations planning to implement the CSF and from professional services firms or vendors wanting to become a CSF Assessor. Attendees must pass the Practitioner Exam delivered on the final day of the course in order to become certified to perform CSF related assessment, implementation, remediation and certification activities. *

Training classes are scheduled monthly, and onsite training can be arranged for organizations wishing to train 10 or more. **

The cost of the course, including the exam, is $3,000 per individual. Participants are eligible for 32 hours of CISSP CPE credit. ***

The course includes two modules:

Module 1: Understanding the Healthcare Landscape and Critical Security Risks

Topics include:
  • Introduction to HITRUST and the Common Security Framework (CSF)
  • Overview of the healthcare industry including key players and how they interconnect
  • Analysis and discussion of trends in the healthcare industry as they relate to privacy and security (e.g., challenges and constraints, top concerns, where organizations are focusing their initiatives)
  • Overview of the regulatory landscape that affects healthcare organizations (e.g., compliance agencies, standards, regulations)
  • Discussion on the history of privacy, why it is important, trends looking forward, and how it affects the security organization in the healthcare industry.
  • Analysis of the top threats and breaches of PHI affecting healthcare organizations and relating this to risks and controls

Module 2 : Utilizing the CSF and CSF Assurance Program

Topics include:
  • A detailed review of the structure of the CSF, including the control objectives, multiple levels of implementation requirements, risk factors and authoritative sources cross referenced
  • Introduction and overview to the CSF Assurance Program as a means of managing and communicating security internally and with third parties (e.g., business associates, customers, vendors)
  • Explanation of the difference between CSF Validated and CSF Certified and the value to an organization
  • Introduction and overview of the tools and methodology for utilizing the CSF
  • Discussion of best practices for adopting the CSF and performing an assessment
  • A review of the requirements for CSF Certification

* Perspective Practitioners should note that HITRUST specifies a number of requirements for maintaining the CSF Practitioner designation. HITRUST only mandates these requirements for CSF Assessors, however, should an individual who is not a member of a CSF Assessor's workforce wish to maintain the CSF Practitioner designation, we strongly recommend reviewing Section 3 of the CSF Assessor Requirements.

** It is highly recommended that each trainee comes equipped with a personal computer, preferably with a Windows Operating System.

*** Tuition includes a one-year Standard subscription to HITRUST Central. For more information please visit our website.

Download the course information sheet to learn more.
View the Sample Agenda.

Training Details

Schedule
Registration Request Form
HITRUST Academy Home

HITRUST Central

A Professional subscription provides access to the online, interactive CSF , the CSF Assurance Toolkit, and many other resources developed specifically for healthcare information security professionals.

CSF Assurance Program

Learn how the program simplifies compliance assessment and reporting through a common set of information security requirements.

News Events