Providers, Payors, PBMs, etc.

Healthcare organizations benefit from the HITRUST CSF – a scalable, prescriptive and certifiable framework specific to healthcare organizations. The MyCSF tool provides organizations of all types and sizes with a secure, web-based solution for accessing the CSF, performing assessments and managing compliance. HITRUST Academy educates individuals about information protection in the healthcare industry and utilization of the CSF to manage risk. The HITRUST Cyber Threat Intelligence and Incident Coordination Center provides cyber threat warning and intelligence services by informing them of general and sector-specific threats impacting the industry.

Texas Covered Entity Privacy and Security Certification

The Texas Health Services Authority (THSA) and HITRUST have partnered to develop and manage this program in accordance with Texas House Bill (HB) 300 passed in 2011. HITRUST has developed resources and tools to aid organization in understanding the requirements and preparing for and undergoing an assessment.

Read More


Business associates can streamline the compliance process and reduce costs with a standardized approach to performing assessments and reporting security controls by utilizing the MyCSF tool to perform a CSF assessment and report once against a multiple sets of requirements and to multiple entities. HITRUST Academy provides individuals with the knowledge and skills to utilize the CSF and perform assessments as well as general knowledge and skills for protecting health information.

Get started on an assessment

You can begin reporting your information security posture to multiple healthcare industry partners using a standardized and user-friendly set of tools and methodologies in 5 easy steps.

Learn More


Organizations can partner with HITRUST to provide trained resources to healthcare organizations of varying size and complexity to assess compliance with security control requirements, develop corrective action plans that align with the CSF, and provide remediation for organizations looking to be fully compliant with the myriad of authoritative sources incorporated into the HITRUST CSF. These organizations are called CSF Assessors and have met certain criteria as well as completed courses to become Certified CSF Practitioners.

Read more about becoming an assessor.


HITRUST Academy offers the only training courses designed to educate healthcare security professionals about information protection in the healthcare industry and the utilization of the HITRUST Common Security Framework (CSF) to manage risk.

Read More

HITRUST C3 Cybersecurity Programs to Enhance Healthcare Industry Sharing Including Anthem Data Breach Information

Frisco, TX – February 9, 2015: To ensure the healthcare industry has access to timely and accurate information relating to the recent Anthem cybersecurity breach, the Health Information Trust Alliance (HITRUST) is implementing changes and additions to its Cyber Threat Intelligence and Incident Coordination Center (C3), a federal recognized Information Sharing and Analysis Organization (ISAO)…

Read More

C3 Alert: Anthem Cyber-Related Breach

It was announced recently that Anthem, Inc. had been victim to a cyber-related breach. Anthem has been collaborating with the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) since initial discovery of suspicious activity on its network, including sharing of various indicators of compromise (IOCs) consisting of MD5 hashes, IP addresses, and threat actor…

Read More

Three Key Data Security Issues HITRUST Needs to Consider

Published on: January 23, 2015 By: Anne Zieger, Contributing Editor – Healthcare Dive Over the last couple of weeks, a number of healthcare associations have taken proactive measures to help ensure the viability and security of healthcare data. For example, the American College of Physicians issued a searing position statement criticizing EHR applications and vendors…

Read More

Go To News Archive

Healthcare Industry Responds to President’s New Executive Order on Cybersecurity

Frisco, TX – February 17, 2015: The Health Information Trust Alliance (HITRUST) announced today a statement in response to the Presidential “Executive Order – Promoting Private Sector Cybersecurity Information Sharing.” Topic The President signed on Friday the “Executive Order – Promoting Private Sector Cybersecurity Information Sharing” during the White House Summit on Cybersecurity and Consumer…

Read More

HITRUST and Deloitte Kick-off Cyber Preparedness and Education Town Hall Events for Health Care Industry

CyberRX 2.0 builds industry-wide resilience to protect the nation’s health operations NEW YORK, Jan. 22, 2015: The Health Information Trust (HITRUST) Alliance and Deloitte, a leader in cyber risk services, will hold cyber preparedness, education and simulation events in major cities across the U.S. These cyber town hall sessions, part of the ongoing HITRUST CyberRX…

Read More

HITRUST and Industry to Establish Roadmap for Improving the Security of Health Information Systems and Medical Devices

Industry leaders convene working group to address growing concerns over health information systems and medical device security by establishing a Health Information Technology (HIT) framework for vulnerability avoidance, reporting, and mitigation Frisco, TX – January 15, 2015: The Health Information Trust Alliance (HITRUST) announced today the establishment of a working group whose mission is to…

Read More

Go To Archive

Join NIST and HITRUST in a discussion about Cyber Security Frameworks

Published on: November 12, 2014 On February 12, 2014, NIST issued the Framework for Improving Critical Infrastructure Cybersecurity in response to Executive Order 13636. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to help critical infrastructure, including the Healthcare and Public Health Sector, manage cybersecurity risk. To learn…

Read More

CyberRX 2.0 Playbook and Webinar Now Available

The CyberRX 2.0 Level I Playbook is now available for download, and a webinar has been scheduled to provide insights and expectations for those considering participation and guidance for those wanting to get started. Discussion topics will include program overview, value of participation, what to expect, getting started, how to get help and rules and…

Read More

Educational Webinar Series: MyCSF – A Customer’s Perspective

Published on: October 21, 2014 HITRUST is announcing a new webinar series that will provide participants with the opportunity to hear and interact with organizations using the HITRUST MyCSF to manage their information security programs and implement secure measures to comply with HIPAA, HITECH and other compliance requirements. To learn more about this webinar series,…

Read More

View Current Events View Past Events