Effectively managing information security is a critical success factor in the healthcare industry for assuring patient care, safety, and privacy, as well as compliance, business alignment, and cost efficiency. Furthermore, the industry continuously faces new regulatory requirements, system changes, and dependence on outsourcing vendors. The HITRUST Common Security Framework (CSF), launched in March 2009, addresses many of these challenges.

The HITRUST CSF is a prescriptive, certifiable, and scalable framework based on the organization’s complexity and risk. Adopting the framework assures your organization’s alignment with regulatory requirements and common best practices. The CSF incorporates ISO 27000-series and 27799, NIST 800-53 and 800-66, the Health Insurance Portability and Accountability Act (HIPAA), COBIT, the PCI Data Security Standard (PCI DSS), and the NIST CSF, and considers federal and state regulations.

We work with providers, payers and vendors to assess or implement HITRUST. These services complement our existing information security services. Our HITRUST services include:

  • Assessments
    • HITRUST Readiness Assessment
    • Compliance Gap Assessment
    • Security Processes Maturity Assessment
    • Application Readiness Assessment of Cerner, Meditech, EPIC, and other key HIS
    • Medical Devices Assessment
  • CSF Implementation
    • Policy/Procedures
    • Roles/responsibilities
    • Measurements & Reporting
    • Network Design & Architecture
    • Logging/monitoring
    • Application Readiness