Using HITRUST for Industries Beyond Healthcare

Organizations around the world, especially those in the HITRUST XChange program, are moving quickly to implement the HITRUST Common Security Framework (CSF). With the recent HITRUST CSF v9.2 update, organizations across all industries – not just healthcare – can benefit greatly from the HITRUST framework.

What is HITRUST?

The HITRUST CSF is a robust and scalable framework for managing regulatory compliance and risk for organizations and their business associates. Originally designed specifically for the healthcare industry, the HITRUST framework has found success across multiple industries because it unifies regulatory requirements and recognized frameworks from ISO, NIST, HIPAA/HITECH, PCI DSS and COBIT into one comprehensive system.

Through this “assess once, report many” approach, organizations can save energy and time by selecting the controls to test against and then having multiple examinations delivered in one comprehensive report.

Thanks to its ability to combine several assessments and frameworks into one system, the HITRUST CSF is quickly becoming accepted as one of the strongest security frameworks for organizations across any industry. Globally recognized companies that have adopted the HITRUST CSF as their foundational security framework include:

  • AT&T
  • Fiserv
  • Google
  • Marriott
  • McDonald’s
  • Microsoft
  • PNC
  • Sabre
  • Salesforce
  • Sony

How HITRUST Can Help Organizations Outside Healthcare

Thanks to the HITRUST CSF v9.2 update, HITRUST is valuable for organizations of all sizes and industries – even if they don’t handle healthcare data. The CSF v9.2 update moves HITRUST to an agnostic framework in which you can toggle across HIPAA as a baseline, giving organizations looking for a scalable framework a meaningful tool that now works beyond the healthcare industry. With its scalable nature and ability to accommodate multiple frameworks, the HITRUST CSF is a powerful tool for organizations, regardless of the type of data they handle.

How HITRUST Strengthens Vendor Relationships

Cybersecurity challenges affect organizations of all sizes, and in today’s connected environment, those challenges extend to third-party vendors – including suppliers, affiliates, contractors and service providers. It’s this risk of a data breach in the supply chain that makes security compliance more important than ever for every business partner involved. Some of the benefits of HITRUST compliance for you and your vendors include:

Commitment to Security: By providing a well-defined and consistent risk management framework, you can benchmark your organization’s cybersecurity program against other organizations both inside and outside your industry. This framework can also be used for evaluating vendors and suppliers, making sure that their security lives up to your organization’s standards. Not only does this protect you – it also protects all your existing third-party vendors in the supply chain.

Boosting Confidence: By undergoing HITRUST certification, you signal to your vendors that you are committed to data security – giving them trust and confidence in your organization and its abilities.

Looking to the Future: By undergoing HITRUST certification, you cement yourself as a leader to your current and potential vendors, showcasing you as a forward-thinking organization committed to the increasingly important topic of data security.

Additional Benefits of HITRUST

HITRUST is being adopted quickly by organizations across industries, including travel suppliers and airlines, thanks to its robust feature list and important benefits.

Important benefits of HITRUST:

  • Leverages a framework to reduce cost and include multiple regulatory standards at once, saving organizations time, money and energy
  • Considered the only security control framework acceptable as control criteria by the AICPA for SOC 2 Type 2 reporting
  • Offers a NIST cybersecurity framework, certification and scorecard
  • Promoted as the only non-governmental agency to offer written material used by DHS and US-CERT as part of federal NIST Cybersecurity implementation guidance
  • Can map to other frameworks providing cost-efficient controls
  • Offers a leading cyber threat analysis center
  • Features an assurance program that is well-respected and widely accepted
  • Partnered with Trend Micro to create Cysiv, providing complex defense-in-depth offerings to organizations
  • Provides regular cyber threat briefings and incident response exercises to organizations

The HITRUST Cyber Threat Exchange

Sabre has partnered with HITRUST to introduce the HITRUST Cyber Threat Xchange program, giving organizations the ability to participate in flexible, trust-based sharing groups and communities to help one another combat the growing number of cyber threats. This proven threat exchange platform is implemented through a highly scalable architecture and features broad API capabilities to support automation. Additional benefits include multiple export formats to support various security controls, as well as automatic integration and synchronization with OSINT feeds.

Interested in pursuing the HITRUST CSF 9.1 or 9.2 for your organization? Contact A-LIGN at 1-888-702-5446 to speak with one of our cybersecurity and compliance professionals.