
March 8, 2023
Risk Analysis, Control Selection and Assurance with the Cybersecurity Framework Implementation Guide
By Bryan Cline, Ph.D., Chief Research Officer, HITRUST, and Robert Booker, Chief Strategy Officer, HITRUST Today, the Health Sector Coordinating Council (HSCC) Cybersecurity Working...

January 30, 2023
Q3 2022 i1 Assessment Update: Control Requirements Analysis
By Brent Zelinski, Standards Senior Manager, HITRUST Q3 2022 Threat-Adaptive Evaluation for the HITRUST Implemented, 1-Year (i1) Validated Assessment Trending Highlights: Data Encrypted for Impact...

June 23, 2022
On the Horizon: Upcoming Cyber Incident Reporting for Critical Infrastructure Act Introduces New Compliance Requirements
Complying with the Cyber Incident Reporting for Critical Infrastructure Act — which was passed into law in March of 2022 — may present new...

June 14, 2022
A Guide to Examining the Return on Investment (ROI) for a HITRUST Certification
By Tom Glaser, Practice Lead and Security Assessor, RSI Security “Why did we ask the IT security auditor to cross the road? … Because...

January 13, 2022
Creating a HITRUST Compliance Culture for IT Security – Part 2: Earning Organizational Buy-in
“Creating a HITRUST Compliance Culture” was a robust breakout session at HITRUST Collaborate 2021 conference. The panel discussion featured experts from three independent external...

January 6, 2022
Creating a HITRUST Compliance Culture for IT Security – Part 1: Adopting the CSF Framework
Some organizations view IT security audits as “check-the-box” exercises simply to comply with regulations and standards. They’re driven primarily by external factors, such as...

July 9, 2021
HIPAA Compliance, Audits, and the MyCSF Compliance and Reporting Pack for HIPAA
By Leslie Weinstein, Solutions Director, HITRUST With many years of experience in cybersecurity, I can say with confidence that health information security is not...

April 1, 2020
Addressing the Impact of COVID-19 on CSF Assessment Procedures
By Jeremy Huval, Chief Compliance Officer As COVID-19 continues to spread across the globe and affect the way we live and work, countries around...

September 27, 2017
Achieving the Benefits of the NIST Cybersecurity Framework
Comparing the NIST Cybersecurity Framework and HITRUST Common Security Framework The NIST Cybersecurity Framework (NIST CsF) continues to gain traction as a tool for...

November 21, 2017
Why HITRUST?
Written by Sean Murphy, Vice President and Chief Information Security Officer, Premera. Misguided…uninformed…cynical…maybe. Brilliant…accurate…shared by you?…could be! In any case, I thought I’d share...

September 27, 2017
Juggling Act: Effective Security Due Diligence During M&A Periods
Written by Ryan Freeman-Jones, Senior Manager and West Coast Office Lead, Meditology Services Healthcare mergers and acquisitions (M&A) have quickly become one of the...

September 22, 2017
New Self-Paced HITRUST Certified CSF Practitioner Refresher Course Available
HITRUST understands that our practitioners are busy, and to make it easier for them to keep their certification up to date and in good...