By Paul Banco, CEO and co-founder, etherFAX.
As a data protection standards development and certification organization, HITRUST helps organizations safeguard sensitive data and manage IT risk across all industries and throughout the third-party supply chain. Since it was founded in 2007, the HITRUST Common Security Framework (CSF) has become the gold-standard compliance framework in the healthcare industry because it addresses the requirements of existing standards and regulations, including HIPAA, PCI, COBIT, NIST, ISO, FTC, and state laws.
To become HITRUST certified, an organization must first complete a HITRUST CSF Readiness assessment to determine how well its current security and privacy controls align with the requirements defined in the HITRUST CSF. The organization can then select a certified HITRUST CSF Assessor Firm, which performs several risk assessments, audits, and quality assurance procedures over the course of two to four months.
The HITRUST CSF has 19 domains, including healthcare data protection and privacy, endpoint protection, mobile device security, incident management, and disaster recovery. An organization is scored on these assessments and must meet a minimum compliance level in each domain to become HITRUST certified.
Research has shown that 97 percent of organizations that pursue a HITRUST Certified Security Framework certification rapidly improve their information security posture to meet certification requirements and, most importantly, maintain that posture afterward. Furthermore, with a mature information protection program in place, organizations are less likely to suffer a breach and are more likely to be able to contain and minimize the impact of a breach, should one occur.
Organizations that implement a robust information security continuous monitoring (ISCM) program such as HITRUST, continually assessing the state of their information security controls, not only achieve higher levels of maturity but also make better and more timely decisions.