The HITRUST CSF Version Dilemma: What You Need To Know.

Introduction

The HITRUST CSF is a comprehensive security framework that helps organizations address critical information protection challenges. The HITRUST CSF was designed with input from healthcare and information technology (IT) experts, as well as regulators and business leaders. It provides a risk-based approach for protecting sensitive information and supports both the compliance needs of healthcare organizations and the operational goals of businesses. There are two versions of the HITRUST CSF: the standard version and the Amended Framework (AF).

What is HITRUST CSF?

Many people fail to realize that the Health Information Trust Alliance, known simply as HITRUST, is not a framework at all, but an organization comprised of healthcare industry leaders who regard information security as a fundamental component of data systems and exchanges. HITRUST developed the HITRUST Common Security Framework (CSF) in collaboration with information security, business technology, and healthcare leaders. The HITRUST CSF combines information from various standards, such as HIPAA, NIST, HITECH, and others, as a certified framework of controls mapped to these standards. The HITRUST CSF is designed to help organizations achieve complete compliance.

If you are a healthcare professional, read about HIPAA.

The HITRUST CSF® Version dilemma

The HITRUST CSF® is a comprehensive information security framework that provides organizations with a roadmap to address critical information protection needs. The HITRUST CSF version dilemma is the challenge of deciding which version of the HITRUST CSF to use.

There are several versions of the HITRUST CSF, and each has its own benefits and drawbacks.

Version 9.1: Version 9.1 of the HITRUST CSF is the latest release, incorporating both the EU General Data Protection Regulation (GDPR) and the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500).

Version 9.2: Version 9.2 of the HITRUST CSF has been released, incorporating the Singapore Personal Data Protection Act (PDPA) and making revisions to the HITRUST CSF Control Category for Privacy Practices. This marks a shift to a more industry-agnostic approach for the HITRUST CSF and better aligns it with existing international privacy frameworks.

Version 9.3: Version 9.3 of the HITRUST CSF includes the California Consumer Privacy Act (CCPA), NIST SP 800-171 RS (DFARS), and the South Carolina Insurance Data Security Act (SCIDSA), as well as updates to various authoritative sources. This update also adjusts select risk and regulatory factors to ensure that only controls appropriate to a given assessment are included, streamlining the required questions.

Version 9.4: If you use version 9.4 for your validated assessment object, the assessment can be created up to at least 24 months following the release of version 10 (which, as noted above, is slated for the latter part of 2021). The key features of version 9.4 are the addition of the CMMC framework and two community-specific standards, as well as updates to existing sources.

Why is HITRUST CSF important for your organization?

Well, healthcare is becoming more and more reliant on technology to store and transmit data. This means that cybersecurity and compliance have become increasingly important issues. Navigating the complicated maze of federal, state, and third-party security mandates can quickly consume an organization’s resources. But this is only half the battle: achieving compliance is only the first step. Healthcare organizations and IT vendors need to make sure they are compliant to be seen as trusted business partners. Considering all the factors, it’s clear that the industry needs a system that is transparent, standard, and secure. Thankfully, that’s exactly what HITRUST has set up to ensure data security trust.

Healthcare can be complex and seem overwhelming, but it doesn’t have to be. Industry professionals and others often feel like they spend more time understanding the healthcare conundrum than solving it. That’s where Datica comes in. We have set out to investigate the underlying logic behind the astounding regulatory maze of this field and distill the information for those searching for it. Why spend your time mastering the problem when you could be discovering innovative solutions?

HITRUST isn’t easy. In fact, it’s quite challenging. But that’s a good thing. The experience we’ve gained as a company and the extensive testing of our technology bring great value to our customers.

If you want to build trust in your services, read about SOC for more details.

How do you choose the right HITRUST CSF Version for your organization?

When it comes to choosing a HITRUST CSF version, there are a few things to consider. The first step is to decide what’s important to your organization and which controls you want to address. HITRUST has a matrix that can help you decide this. Once you know which controls are important, you need to select a HITRUST CSF version that aligns with your organization’s risk profile. You can find this information in the HITRUST CSF Assurance Profile or the HITRUST CSF Assessment Guidelines.