// THREAT DETECTION AND DATA PRIVACY TERM

HITRUST

HITRUST is a widely adopted security and privacy framework used by organizations, especially in healthcare, to protect sensitive data. It combines various standards like HIPAA and NIST into a single set of certifiable controls to demonstrate compliance.

TECHNICAL DEFINITION

The Health Information Trust Alliance (HITRUST) provides the HITRUST Common Security Framework (CSF), a certifiable, risk-based framework for managing information security and regulatory compliance. It integrates standards like HIPAA, NIST, ISO 27001, and PCI DSS, enabling organizations to assess and demonstrate their security posture for handling sensitive data like electronic Protected Health Information (ePHI).

BACKGROUND

HITRUST is an organization headquartered in Frisco, Texas, that provides information risk management and compliance assessments and certifications.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • HITRUST CSF
  • Common Security Framework
  • HITRUST Alliance
  • Healthcare security framework
  • HIPAA compliance framework
  • Information risk management framework

USAGE NOTE

HITRUST certification is often required by healthcare payers and providers as a prerequisite for engaging with vendors that handle sensitive patient data.

DEVELOPERS

Organizations developing technology related to HITRUST.

  • HITRUST Alliance

    The organization that created and maintains the HITRUST CSF, a widely adopted security and privacy framework used by organizations of all sizes to manage risk and demonstrate compliance.

  • Coalfire

    A cybersecurity advisory firm and a leading HITRUST Authorized External Assessor that provides readiness, validation, and remediation services to help organizations achieve HITRUST certification.

  • A-LIGN

    A cybersecurity and compliance solutions provider that is a prominent HITRUST Authorized External Assessor. They offer readiness assessments, validated assessments, and gap analysis for organizations pursuing HITRUST certification.

  • Drata

    A security and compliance automation platform that helps companies achieve and maintain compliance with various standards, including HITRUST. The platform continuously monitors controls and automates evidence collection for audits.

  • Apptega

    A software company that provides a cybersecurity and compliance management platform. The platform helps organizations manage frameworks like HITRUST by simplifying assessments, gap analysis, and ongoing compliance management.

  • Deloitte

    A global professional services network and a HITRUST Authorized External Assessor. Their Cyber and Strategic Risk practice offers a wide range of services to help large enterprises prepare for and undergo HITRUST validation.

  • Tugboat Logic (by OneTrust)

    A security assurance and compliance automation platform that simplifies the process of preparing for security audits for frameworks like SOC 2, ISO 27001, and HITRUST by automating evidence collection and policy creation.

  • KirkpatrickPrice

    An information security auditing firm and licensed HITRUST CSF Assessor. They provide readiness assessments and validated assessments to help organizations navigate the complexities of HITRUST certification.

RELATED TERMS IN COMPLIANCE & PRIVACY