HITRUST CSF v9 Designed to Strengthen, Simplify, and Enhance Healthcare Regulatory Compliance and Risk Management

April 24, 2017

Written by HITRUST Independent Security Journalist Sean Martin. 

Get ready for more comprehensive compliance and risk management — with less work. HITRUST is putting the finishing touches on the HITRUST CSF v9 and corresponding updates to the HITRUST CSF Assurance Program, with this latest iteration of both expected in July 2017.

If there is one overarching message for the v9 release, it’s enabling healthcare organizations of all sizes and business models to do more with the HITRUST CSF by expanding the mappings of the CSF to additional protocols and frameworks.

HITRUST, in conjunction with its HITRUST CSF Advisory Council, has worked closely with the industry to make improvements to existing parts of the CSF. In addition, the new HITRUST CSF and HITRUST CSF Assurance Program releases integrate and harmonize other industry and regulatory standards, including:

HITRUST CSF Assurance:

  • National Institute of Standards and Technology Cybersecurity Framework: HITRUST CSF Assessments will incorporate controls related to the NIST Cybersecurity Framework (NIST CsF), and the HITRUST CSF Assessment Report will include an appendix showing compliance with the NIST CsF. Organizations obtaining HITRUST CSF Certification will also receive a NIST CsF Certification.

HITRUST CSF:

In addition, the v9 releases were influenced by the new HITRUST Threat Catalogue. This exciting HITRUST initiative aligns real-world cyber threats with CSF risk factors and controls. The HITRUST Threat Catalogue will begin impacting the HITRUST CSF with the v9 release, and will be more fully integrated with HITRUST CSF v10, due to be released in 2018.

CSFBASICs Coming Soon to a Small Practice Near You

While not officially part of the CSF and CSF Assurance Program updates, HITRUST is releasing a major iteration of its small business security program, renamed CSFBASICs, in the same timeframe. BASICs stands for “Basic Assurance and Simple Institution Cybersecurity.”

Currently being piloted, CSFBASICs will help small, low-risk organizations adopt a serious, HIPAA-compliant cybersecurity and assurance program. Although CSFBASICs is based on the HITRUST CSF, the requirements and assurance processes are streamlined to help smaller, lower-risk organizations demonstrate compliance and manage risk with less effort. HITRUST is in the final phase of piloting CSFBASICs and elements of its associated CSFBASICs Assurance Program, and estimates both will be generally available later this year.

“I really don’t know many small practices that can comply with all our regulatory obligations, including HIPAA,” said Dr. J. Stefan Walker with Corpus Christi Medical Associates (CCMA), a five-physician primary care practice in Texas. “We generally don’t have the staff or the expertise, nor can we hire consultants, to manage these programs on an ongoing basis. I honestly didn’t know how my practice could be secure or demonstrate HIPAA compliance, but that was before I had the opportunity to pilot CSFBASICs.”

Want to learn more? Be sure to read the blog Finding the Cure: HITRUST Simplifies Cybersecurity Compliance for Small Medical Practices.

A Standardized Approach

The HITRUST CSF is the most widely adopted information privacy and security framework for healthcare organizations, and provides them with a comprehensive, scalable and certifiable approach to regulatory compliance and risk management. The popular HITRUST CSF Assurance Program helps organizations streamline the compliance process by allowing them to assess once and report against multiple sets of requirements. The result: less time and money spent on assurance and demonstrating compliance.

 
