The risk level and control maturity-based rating decide the success of HITRUST.
The CSF components include:
- 19 Domains
- 14 security control categories (13 security / 1 privacy)
- 49 control objectives (42 security / 7 privacy)
- 156 implementation requirements (135 security / 21 privacy)
e-InnoSec consultants will work with the organization to meet the following requirements within the HITRUST framework and prepare the organization for certification:
1. Selection of control level
Three Levels of Controls:
- Level 1 - A fundamental level of controls required during normal business operations
- Level 2 - More restrictive requirements for organizations and systems which have an elevated level of risk
- Level 3 - Most restrictive controls required for the environment with the greatest level of risk
- Most restrictive controls required for the environment with the greatest level of risk
Each implementation level builds on the one below it - level 2 includes all of level 1 plus additional requirements, level 3 includes all of level 2 plus additional requirements.
2. Address the CSF requirement statement to meet with the maturity requirements
3. HITRUST score calculation using Program Review for Information Security Management Assistance (PRISMA) methodology
The HITRUST certification is designed for the healthcare industry and its third-party associates. The HITRUST security maturity evaluation and points process awards healthcare providers a certification. This certification verifies that the company followed the Common Security Framework (CSF).
Services
e-InnoSec services include:
Assist with implementation of the HITRUST healthcare risk management and controls framework includes:
- Selection of control level
- Address the CSF requirement statement to meet with the maturity requirements
- HITRUST score calculation using Program Review for Information Security Management Assistance (PRISMA) methodology
- Assess and test the controls, identify gaps, and remediate
- Work with HITRUST auditor and certification authority