HITRUST now offers more! Healthcare providers are able to verify that their organization has met all of the industry-defined certification requirements of the HITRUST CSF. With HITRUST CSF, organizations are able to demonstrate ‘compliance’ with NIST, a fact that was recognized recently in a 2018 Government Accountability Office (GAO) Report to Congressional Committees on Critical Infrastructure Protection. Not only does NIST support the development of third-party certification programs but HITRUST now has a program certifying an organization’s implementation of the Framework.

Integrating the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) into the HITRUST CSF enables the financial industry to leverage the framework to achieve better cybersecurity resilience and protection. The Requirements for Financial Services Companies affect not only financial institutions but also healthcare organizations such as health insurers and their business associates.

Incorporation of the EU General Data Protection Regulation (GDPR) is part of HITRUST’s initiative towards internationalization of the CSF and increased support for global organizational privacy programs. The updated framework allows organizations to easily manage and report on the controls intended to address GDPR requirements.