HITRUST Bridge Assessment Offers Relief From Pandemic Pressures

HITRUST is granting organizations the ability to gain a 90-day grace period to demonstrate continuous compliance with its new Bridge Assessment. Continue reading “HITRUST Bridge Assessment Offers Relief From Pandemic Pressures”

HITRUST Releases Guidance for Reliance on the Work of Others

On September 11, 2019 HITRUST released updated guidance regarding the reliance of others as part of the HITRUST certification process. This includes a more defined scope for reliance on the results of audits, assessments, and inspections that have been completed in the past. Continue reading “HITRUST Releases Guidance for Reliance on the Work of Others”

HITRUST Changes PRISMA Weights and Scoring Rubric

On September 3, 2019 HITRUST announced that they will be updating the HITRUST PRISMA Weights (HAA 2019-007) and the Scoring Rubrics (HAA 2019-009). These new guidelines will go into effect for any HITRUST certifications submitted and accepted on December 31, 2019 or later.

Continue reading “HITRUST Changes PRISMA Weights and Scoring Rubric”

Which Compliance Audit is Right for Me?

When it comes to compliance audits, one should never follow the “one-size-fits-all” mentality. The type of audit you need often depends on your organization’s industry, specific client requests or type of data stored. Continue reading “Which Compliance Audit is Right for Me?”

Top Tips for Effective Audit Preparation

For any organization that stores, interprets and manages sensitive data, complying with cybersecurity requirements is of utmost importance. The most comprehensive way to test the strength and effectiveness of these systems is through a compliance assessment. Beginning this process, however, is no easy feat. Continue reading “Top Tips for Effective Audit Preparation”

HITRUST CSF v9.3 Incorporates New Frameworks, Legislation and Standards

Since 2007, the HITRUST Common Security Framework (CSF) has been recognized as a well-rounded and certifiable security framework for any organizations of all sizes and industries. With the upcoming CSF v9.3 update, HITRUST continues to demonstrate its value for any organization by expanding to incorporate new frameworks, legislation and standards.

What is the HITRUST CSF?

The HITRUST CSF is a scalable and extensive security framework used to efficiently manage the regulatory compliance and risk management of organizations. By unifying regulatory requirements and recognized frameworks from ISO 27001, NIST 800-171, HIPAA/HITECH, PCI DSS, GDPR and more into one comprehensive system, the HITRUST CSF saves time and energy by assessing once and reporting many.

Thanks to its ability to combine several assessments and frameworks into one framework, the HITRUST CSF allows clients to decide what they want to test against and get controls based on that level of risk. This “assess once, report many” approach means that assessors are performing several different audits, but the organization feels like they’re only undergoing one. Because of this benefit and its exhaustive focus on security, the HITRUST CSF has been adopted by organizations across different industries.

Originally designed specifically for the healthcare industry, the recent HITRUST CSF v9.2 grew the framework to make it useful for any organization around the globe.

CSF v9.3 will be released Q3 of 2019 and the HITRUST organization has detailed the additional regulatory factors that will be added to the framework.

Incorporation with the California Consumer Privacy Act

One of the most notable updates in CSF v9.3 is the incorporation of new standards and regulations, including requirements placed on organizations by the California Consumer Privacy Act (CCPA).

Passed in 2018, the CCPA was built to be similar to the European Union’s General Data Protection Regulation (GDPR) and takes a stronger stance to protect the sharing, transmission and storage of consumer data. The CCPA legislation goes into effect on January 1, 2020, with the enforcement of the law starting on July 1, 2020.

Not only does the HITRUST CSF v9.3 incorporate standards and regulations from the CCPA, it reflects key differences between the CCPA and GDPR, including requirements for data access, applicability and requirements for opt-out methods.

Other Important Updates to CSF v9.3

Aligning the HITRUST CSF with the CCPA is only one of the updates to the HITRUST framework. CSF v9.3 also updates the framework to incorporate other authoritative sources, including:

  • The Federal Risk and Authorization Management Program (FedRAMP)
  • The National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity: Framework Core – Subcategories, v1.1
  • Centers for Medicare & Medicaid Services’ (CMS) Information Security ARS: CMS Minimum Security Requirements for High Impact Data, version 3.1
  • IRS Publication 1075: Tax Information Security Guidelines for Federal, State and Local Agencies: Safeguards for Protecting Federal Tax Returns and Return Information
  • South Carolina’s Bill 4655, the Insurance Data Security Act

Who Should Migrate to CSF v9.3

If your entity wants to add any of the six regulatory factors outlined above to your HITRUST assessment, you will need to undergo CSF v9.3. If you are not interested in adding these factors, you can instead opt to undergo CSF v9.1 or CSF v9.2.

By giving organizations more choice to better fit their needs, the HITRUST CSF continues to position itself as a valuable, powerful and flexible framework for organizations of all sizes across all industries.

The A-LIGN Difference

A-LIGN’s experience and commitment to quality helped over 130 clients successfully achieve HITRUST certification. Our vigorous process outlined above helps you prepare for the HITRUST assessment, and our team of HITRUST experts are here to answer any question you might have through every step of the process by answering all inquiries within twenty-four hours. With A-LIGN, you’re on the right path to HITRUST certification success.

Interested in pursuing the HITRUST CSF for your organization? Contact A-LIGN at 1-888-702-5446 to speak with one of our cybersecurity and compliance professionals.

 

The Ultimate HITRUST Resource

Since its inception in 2007, the HITRUST Common Security Framework (CSF) has been used by organizations of all sizes around the globe. Originally designed specifically for the healthcare industry, today the HITRUST CSF enjoys success across all industries thanks to its robust and scalable systems that unify multiple recognized frameworks.

Continue reading “The Ultimate HITRUST Resource”

Don’t Undergo an Audit or Assessment Before Reading This Guide

Cybersecurity examinations are an important undertaking for your organization, its health and projected future. With no shortage of firms and examination types to choose from, preparing to undergo an audit or assessment can feel like a massive undertaking. Is the firm cutting corners reliable? Is the accessor able to deliver on their lofty promises? And how can you tell if they’re providing quality work?

Continue reading “Don’t Undergo an Audit or Assessment Before Reading This Guide”

The HITRUST
Assessment Process

Since its inception in 2007, the HITRUST framework has become very popular with organizations globally – including businesses of all types in the HITRUST XChange program. As a certified HITRUST accessor firm and licensed CPA firm, A-LIGN has helped companies and organizations of all sizes prepare for HITRUST certification.

Continue reading “The HITRUST
Assessment Process”