Common Security Framework (HITRUST): A Case Study

518 Words3 Pages

The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) was established as a security program to regulate and safeguard health information in the United States due to security and privacy issues that healthcare organizations encountered. Furthermore, in order for it to be more cohesive and collective, the CSF combines federal and state regulations, standards, and incorporates frameworks such as the Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Control Objectives for Information and related Technology (COBIT), Payment Card Industry (PCI), Digital Security Standard (DSS) and the Cloud Security Alliance (CSA) Cloud Controls Matrix (Murphy, 2015; HITRUST Alliance, 2015a; HITRUST Alliance, 2015b; HITRUST, 2013). This was conceived into its security requirements and policies so that security risks could be evaluated and assessed within health organizations; and to institute and serve as a core baseline for these health organizations to be measured against. In addition, third-party vendors and business associates can employ the CSF to evaluate its products and its organization. As a result, …show more content…

Moreover, it serves as the security program bedrock for healthcare organizations. “HITRUST CSF provides the needed structure, clarity, functionality and cross-references to authoritative sources. The CSF normalizes these security requirements and provides clarity, consistency, reducing the burden of compliance with these requirements that apply to healthcare organizations” (HITRUST Alliance, 2015b). Furthermore, as healthcare evolves HITRUST and CSF evolves with it to revise, create or update standards and regulations to serve the healthcare organizations more efficiently (HITRUST Alliance,