Healthcare entities and related business associates (e.g., health plans, healthcare clearinghouses, exchanges, healthcare providers, and organizations that conduct certain financial, research, and administrative functions) are being asked with increased frequency to demonstrate that they meet a variety of security and privacy requirements such as the HIPAA Security & Privacy Rules, NIST, ISO, PCI and other standards. These entities are often replying to hundreds of individual audit requests and customer questionnaires annually in response to requests for proposals; many of these responses require a separate analysis and response to the same or overlapping questions. In addition, entities responding to these third-party requests must do so in a multitude of forms and reporting formats.
To address the breadth and depth of compliance while reducing the complexities and costs associated with meeting multiple compliance requirements, HITRUST developed the HITRUST CSF and CSF Assurance program. The HITRUST CSF provides organizations with the requirements and practices necessary to help ensure information and cybersecurity-related risks are managed smartly and consistently with their many business, risk and compliance objectives.
The HITRUST CSF is supported by the HITRUST CSF Assurance program, an assessment model that provides transparency, accuracy, consistency, and scalability to ensure reliability, i.e., the ability of a third party to rely on the assurances provided by the organization. The entire framework, including the assessment approach, should be publicly available to ensure transparency and openness; should ensure accuracy and consistency in the evaluation and reporting of implemented controls, regardless of the specific assessor used; and should be scalable across the industry, both in the number and the types of entities that may be assessed.
Sometimes organizations need a helping hand to get started. Others, such as those already using the program, may be looking to tune it for the best results. In either case, for attendees interested in learning more about the HITRUST CSF and CSF Assurance program, which uniquely brings the ability to assess once and report many for HIPAA, SOC 2, and NIST, the following compliance-oriented HITRUST 2017 sessions are a good place to start.
- 360 Degree Assurance: Emerging Business Drivers for Provider Certification
- Streamline EHNAC & HITRUST Assessments for Reduced Redundancy, Cost & Complexity
- Third Party Risk: Achieving Assurance, Coverage & Agreement
- Debrief: A SOC 2 Audit | HITRUST Validated Assessment Experience
- SOC 2 + HITRUST: Understanding the Benefits
- Third Party Assurance – Business Associates & Vendor Roles
- NIST CsF Guidance Update
- Less is More: Mastering the Art of SOC 2
- HITRUST CSF: Industry Agnostic Adoption & Business Case for Adoption
- HITRUST – A Path to Efficiency & Control in Operations
And, as noted in our introductory What to Expect post, in addition to finding HITRUST 2017 the perfect occasion to learn about risk management and compliance, attendees will have a number of opportunities to take a break for a little networking and socializing with fellow attendees at various evening receptions or between sessions.
Get all the details, including date, time and all of the speaker information, directly from the Conference Agenda page. If you’re interested in attending some of these sessions, register for the event now.
We look forward to seeing you there!