HITRUST now offers more! Healthcare providers are able to verify that their organization has met all of the industry-defined certification requirements of the HITRUST CSF. With HITRUST CSF, organizations are able to demonstrate ‘compliance’ with NIST—a fact that was recognized recently in a 2018 Government Accountability Office (GAO) Report to Congressional Committees on Critical Infrastructure Protection. Not only does NIST support the development of third-party certification programs but HITRUST now has a program certifying an organization’s implementation of the Framework. Integrating the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) into the HITRUST CSF enables the financial industry to leverage the framework to achieve better cybersecurity resilience and protection. The Requirements for Financial Services Companies affect not only financial institutions but also healthcare organizations such as health insurers and their business associates. Incorporation of the EU General Data Protection Regulation (GDPR) is part of HITRUST’s initiative towards internationalization of the CSF and increased support for global organizational privacy programs. The updated framework allows organizations to easily manage and report on the controls intended to address GDPR requirements.
CRI’s experienced professionals have the industry expertise and certifications to guide you through a HITRUST assessment. CRI has been approved by HITRUST to perform assessment and services associated with the CSF Assurance Program and the HITRUST CSF. Let us show you how our wide range of industry expertise, and the additional HITRUST offerings, create a perfect combination to set you apart from your competition and show your commitment to data protection!