As described on the Health Information Trust …
Third-party vendors can use the CSF to conduct a self-assessment, but they can also elect to engage in a third-party assessment from an authorized entity. HITRUST aims to provide the healthcare industry with a common benchmark that covered entities can use to measure compliance at their business associates. The benefit to the vendors is that they would become HITRUST-certified, and they would not have to undergo as many client-specific assessments. The goal for the primary entity is to receive information about the vendor that considers more of the unique healthcare security requirements (Hernandez, …
The initial development of the CSF leveraged nationally and internationally accepted standards, including ISO, NIST, PCI, HIPAA, and COBIT, to ensure a comprehensive set of baseline security controls. The CSF normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance with the requirements that apply to healthcare organizations (HITRUST 2015b summary).
HITRUST keeps the CSF relevant and current to the needs of organizations by regularly updating it to incorporate new standards and regulations as authoritative sources (HITRUST SUMMARY, 2015b).
The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls (HITRUST Alliance, 2015a).
The HITRUST