HITRUST’s visionary approach to assurance is evident in its strategic initiatives. As we look toward 2024, HITRUST continues to innovate and expand its offerings. Initiatives like the AI Assurance Program, PLUS Reports, and Insights Reports will further empower organizations to demonstrate trust in protecting sensitive information and managing cyber risk.  

Pioneering AI assurance  

The advent of generative AI, exemplified by technologies like OpenAI’s ChatGPT, has ushered in a new era of innovation. AI can steer transformational economic and societal impacts. However, it comes with varied risks. Recognizing this, HITRUST is launching its AI Assurance Program as the first of its kind, offering security control assurances for generative AI and other AI model applications.  

The Program aims to provide organizations with the tools to identify and manage AI-related risks effectively. It is built on foundations set by the HITRUST CSF version 11.2, which includes the AI Risk Management compliance factor.  

AI service providers and organizations implementing AI systems will further benefit from HITRUST’s AI certification. Organizations will be able to demonstrate with confidence that they are managing AI risks through a proven and reliable approach. AI certifications will be supported over the HITRUST e1, i1, and r2 reports.  

Enhancing flexibility  

HITRUST is working to enhance the scope of its validated assessments through the introduction of e1 PLUS and i1 PLUS Reports. Organizations will be able to expand their e1 and i1 assessments by incorporating additional authoritative sources. They will be able to select and tailor controls, similar to how it’s done in r2 assessments.  

The increased flexibility and added value will benefit organizations that have multiple security and compliance requirements. The introduction of PLUS Reports signifies HITRUST’s commitment to adaptability and precision in risk management, catering to diverse industry needs with a unified approach.  

Broadening insights 

HITRUST is set to release a series of Insights Reports, offering organizations valuable perspectives on their adherence to different authoritative sources. This will extend beyond the existing HIPAA Insights Reports.  

Organizations that complete e1 PLUS, i1 PLUS, or r2 validated assessments will be able to use these Insights Reports in communicating their security and compliance maturity. The initiative will enhance the flexibility and scalability of HITRUST’s offerings.    

Leading cyber risk management 

As HITRUST continues to broaden its industry impact in 2024, these initiatives highlight the organization’s dedication to innovation and leadership in cyber risk management. HITRUST is not just keeping pace with technological advancements but is actively shaping the landscape of global security and compliance standards. HITRUST’s evolving suite of assurance products represents a robust roadmap for navigating the complexities of modern cybersecurity and ensuring organizations are well-equipped to face the challenges and opportunities of the digital age.  

To learn more about why HITRUST is trusted by leading organizations for cyber risk management, check out the HITRUST 2024 Trust Report.