HITRUST takes a proactive leadership role in addressing many of the unique challenges associated with the implementation and maintenance of information protection and cybersecurity risk management programs within the healthcare industry. But HITRUST’s position as an industry thought leader comes in large measure from its strategic alliances and the broader healthcare community HITRUST supports.
The thought leadership documents below come from organizations who support, leverage, and use HITRUST products and services. They include presentations from public forums, conferences, and joint collaborative sessions.
We have made these available for your reference to support the sharing of relevant information on cybersecurity framework implementation through the HITRUST risk management framework, implementation and assessment of HITRUST CSF controls, lessons learned from these implementations, related initiatives, and best practices.
Strategic Alliances
| Real-Time Compliance Pack for Microsoft System Center | Harold Dyck, Co-founder & CEO at Silect Software, Inc. and Michael Frederick, Vice President, Operations at HITRUST were key presenters at HIMSS 2015 Spotlight Session, “Automating Compliance and Cybersecurity in the Cloud Age”. Learn More |
| Cybersecurity Framework Overview | NIST’s Kevin Stine provides an overview of the NIST Framework for Improving Critical Infrastructure Cybersecurity (also known as the Cybersecurity Framework, or CsF). It is followed by an explanation by Dr. Bryan Cline and Michael Frederick (of HITRUST) on how the HITRUST risk management framework, including the HITRUST CSF and CSF Assurance Program, provides a model implementation of the NIST CsF for the healthcare industry. Learn More |
| Leveraging Control-based Risk Management Frameworks to Support a HIPAA Compliant Risk Analysis | In this University-sponsored Webinar presentation, Dr. Bryan Cline, adjunct professor for the University of Fairfax, provides an explanation of how an organization can leverage a control-based risk management framework such as those provided by ISO, NIST, or HITRUST to streamline and expedite the risk analysis required under the HIPAA Security Rule. Learn More |
Community Connections
| Leveraging a Control-Based Framework to Simplify the Risk Analysis Process | Bryan S. Cline, an ISSA member-North Texas Chapter, discusses HIPAA risk analysis, its purpose, and how a controls-based risk management framework can be leveraged to satisfy due diligence and due care obligations and comply with HIPAA. Learn More |
| Selecting a Healthcare Information Security Risk Management Framework in a Cyber World | An explanation by Health Care Services Corporation CISO Ray Biondo and Children’s Health Dallas CIO Pamela Aurora of the criteria they used to evaluate major information protection standards and frameworks like ISO, NIST and HITRUST and their rationale for selecting the HITRUST risk management framework as the basis for their information protection and cybersecurity program. Learn More |
| Managing Cybersecurity Risk in a HIPAA-Compliant World | Andrew Hicks of Coalfire Systems and Dr. Bryan Cline of HITRUST address compliance with the HIPAA Security Rule and other regulations applicable to the healthcare industry and how to appropriately manage risks to the security of sensitive health information with the HITRUST CSF. Learn More |
Disclaimer: HITRUST Industry Insights provides links to sites or resources of third parties. You acknowledge and agree that HITRUST is not responsible for the availability of such sites or resources, and does not endorse and is not responsible or liable for any content, products, or services on or available from such sites or resources. Representations of such sites or resources are those of the respective third parties and do not necessarily reflect positions or views of HITRUST. You agree that you must independently evaluate, and bear all risks associated with, your use of any such content, products, or services. You further acknowledge and agree that HITRUST shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with your use of or reliance on any content, products, or services available on or through any such site or resource.