Providers, Payors, PBMs, etc.

Healthcare organizations benefit from the HITRUST CSF – a scalable, prescriptive and certifiable framework specific to healthcare organizations. The MyCSF tool provides organizations of all types and sizes with a secure, web-based solution for accessing the CSF, performing assessments and managing compliance. HITRUST Academy educates individuals about information protection in the healthcare industry and utilization of the CSF to manage risk. The HITRUST Cyber Threat Intelligence and Incident Coordination Center provides cyber threat warning and intelligence services by informing them of general and sector-specific threats impacting the industry.

Texas Covered Entity Privacy and Security Certification

The Texas Health Services Authority (THSA) and HITRUST have partnered to develop and manage this program in accordance with Texas House Bill (HB) 300 passed in 2011. HITRUST has developed resources and tools to aid organization in understanding the requirements and preparing for and undergoing an assessment.

Read More


Business associates can streamline the compliance process and reduce costs with a standardized approach to performing assessments and reporting security controls by utilizing the MyCSF tool to perform a CSF assessment and report once against a multiple sets of requirements and to multiple entities. HITRUST Academy provides individuals with the knowledge and skills to utilize the CSF and perform assessments as well as general knowledge and skills for protecting health information.

Get started on an assessment

You can begin reporting your information security posture to multiple healthcare industry partners using a standardized and user-friendly set of tools and methodologies in 5 easy steps.

Learn More


Organizations can partner with HITRUST to provide trained resources to healthcare organizations of varying size and complexity to assess compliance with security control requirements, develop corrective action plans that align with the CSF, and provide remediation for organizations looking to be fully compliant with the myriad of authoritative sources incorporated into the HITRUST CSF. These organizations are called CSF Assessors and have met certain criteria as well as completed courses to become Certified CSF Practitioners.

Read more about becoming an assessor.


HITRUST Academy offers the only training courses designed to educate healthcare security professionals about information protection in the healthcare industry and the utilization of the HITRUST CSF to manage risk.

Read More

New Program to Improve Cyber Insurance Coverage for Healthcare Industry

HITRUST announced in a press release earlier this week a partnership with Willis Group to identify a common approach to improve cyber insurance coverage and premiums for the healthcare industry by the end of 2015. The new platform will be the first industry-specific cyber insurance program and will leverage the HITRUST CSF and CSF Assurance…

Read More

Healthcare Organizations Expanding the Use of the HITRUST CSF to Reduce Third-Party Risk

HITRUST announced yesterday (view press release) an expansion of the healthcare industry’s use of the CSF Assurance program in support of efforts to efficiently and effectively manage third-party risk. A growing number of healthcare organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will now require their business associates to obtain CSF…

Read More

HITRUST Statement on Healthcare Industry Cyber Breach Events

HITRUST commonly receives inquiries about recent healthcare related cyber breaches, as HITRUST is the leading authority on healthcare information protection and operates the most active and sophisticated cyber threat intelligence sharing service for the healthcare industry, HITRUST Cyber Threat XChange (CTX). As a federally recognized Information Sharing and Analysis Organization (ISAO), we are in constant…

Read More

Go To News Archive

HITRUST and Willis Partner to Improve Cyber Insurance Coverage and Premiums for the Healthcare Industry

First Industry-Specific Cyber Insurance Program to Leverage HITRUST CSF Frisco, TX – July 22, 2015: The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection, today announced a partnership with Willis North America. The unit of Willis Group Holdings, plc., the global risk advisory, reinsurance…

Read More

CSF Assurance Program Adoption Key to More Effective Third-Party Risk Management in the Healthcare Industry

Additional 7,500 business associates required to obtain CSF Certification within 24 months Frisco, TX—June 29, 2015: The Health Information Trust Alliance (HITRUST) is announcing today an expansion of the healthcare industry’s use of the CSF Assurance program in support of efforts to efficiently and effectively manage the third-party assurance process. An increasing number of healthcare…

Read More

HITRUST to Launch First Comprehensive Study of Targeted Cyber Threats Impacting Healthcare Industry

Lack of Empirical Data to be Addressed by Collecting and Analyzing the Methods, Magnitude and Pervasiveness of Cyber Threats Frisco, TX – April 6, 2015: HITRUST announced today that it is undertaking the first empirical and comprehensive study, called HITRUST Cyber Discovery, to analyze the methods, severity and pervasiveness of cyber threats targeting a variety…

Read More

Go To Archive

Cyber Threat XChange SIEM Integration Webinar

Join HITRUST for this free training webinar to walk your organization through installation associated with CTX SIEM Splunk integration and automated workflow setup. The HITRUST Cyber Threat XChange (CTX) automates the process of collecting and analyzing cyber threats and distributing actionable indicators in electronically consumable format that organizations of varying sizes and cyber security maturity…

Read More

HITRUST De-Identification Framework Webinar

The Health Information Trust Alliance (HITRUST) announced the new HITRUST De-Identification Framework, developed to improve patient privacy and enhance innovation and the improved use of healthcare data. The framework meets the need of healthcare organizations for greater guidance and consistency in the de-identification and use of de-identified healthcare data, while simplifying and streamlining the process….

Read More

Join NIST and HITRUST in a discussion about Cyber Security Frameworks

Published on: November 12, 2014 On February 12, 2014, NIST issued the Framework for Improving Critical Infrastructure Cybersecurity in response to Executive Order 13636. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to help critical infrastructure, including the Healthcare and Public Health Sector, manage cybersecurity risk. To learn…

Read More

View Current Events View Past Events