Healthcare entities and related business associates (e.g., health plans, healthcare clearinghouses, exchanges, healthcare providers, and organizations that conduct certain financial, research, and administrative functions) are being asked with increased frequency to demonstrate that they meet a variety of security and privacy requirements such as the HIPAA Security & Privacy Rules, NIST, ISO, PCI and other standards. These entities are often replying to hundreds of individual audit requests and customer questionnaires annually in response to requests for proposals; many of these responses require a separate analysis and response to the same or overlapping questions. In addition, entities responding to these third-party requests must do so in a multitude of forms and reporting formats.

To address the breadth and depth of compliance while reducing the complexities and costs associated with meeting multiple compliance requirements, HITRUST developed the HITRUST CSF and CSF Assurance program. The HITRUST CSF provides organizations with the requirements and practices necessary to help ensure information and cybersecurity-related risks are managed smartly and consistent with their many business, risk and compliance objectives.