Overview
HITRUST, or the Health Information Trust Alliance, established the HITRUST Common Security Framework (CSF).
HITRUST certification assures customers that your organisation has a governance program that is aimed at securing electronic Protected Health Information (ePHI).
HITRUST has more than 595 requirements; not all may apply to your business.*
At Coral we help clients implement industry practice to fulfill these practices through a 5-phase project plan.
With 18 years in consulting, we have a successful implementation methodology that will ensure you achieve ROI on the invested subject, and ePHI security in your business lifecycle.

What are the 5 phases of reaching HITRUST implementation?
- Phase I – Understanding business context and scope of systems: This generally starts with sessions with management or their key leadership teams to determine why HITRUST is needed and where ePHI is. This results in determining the scope of compliance.
- Phase II – Gap Analysis/Risk Assessment: We have a 4-layer risk assessment, which we use to determine the degree to which current controls are implemented. Gaps identified are treated through the subsequent phases of the project journey.
- Phase III – Strategy/Policy/Procedure Documentation: In this phase we discuss and develop strategies, policies and procedures. This phase generally takes longer than the others, as the representatives have to review and approve, and it sometimes requires changes in the way they perform a certain process.
- Phase IV – Monitoring and Measurement: For an organisation to reach level 4 and level 5, an ongoing measurement process needs to be in place. Based on the organisation's requirement and agreement, we perform the measurement and provide a scoring against controls. This gives the management an objective view of HITRUST implementation.
- Phase V – External HITRUST support: We support your external audit journey, thereby ensuring that you achieve successful certification.

What are the 19 domains of HITRUST?
- Information Protection Program
- Endpoint Protection
- Portable Media Security
- Mobile Device Security
- Wireless Security
- Configuration Management
- Vulnerability Management
- Network Protection
- Transmission Protection
- Password Management
- Access Control
- Audit Logging and Monitoring
- Education, Training, and Awareness
- Third-Party Assurance
- Incident Management
- Business Continuity and Disaster Recovery
- Risk Management
- Physical and Environmental Security
- Data Protection and Privacy

What is HITRUST Maturity?
With a HITRUST report you get a score of 1 to 5 depending on the following:
- Policy – This is achieved when you have a documented policy in line with HITRUST requirements.
- Procedure – This is when you describe how you achieve the policy objectives. This involves documenting people, process and technology references.
- Implementation – This is when you provide the evidence of the implementation in line with policy and procedure.
- Measured – This is when you ‘quantitatively’ demonstrate the effectiveness of a control that is in place. This can be over a minimum period of, say, 3 months, which provides reasonable assurance of control measurement.
- Managed – This is when you show how you identify risks, deviations and opportunities for improvement, and track them till closure.
- If you are choosing beyond HIPAA, and wish to get certified on additional CSF such as SOC 2 or one of the applicable legislations, there can be additional requirements.

What does the toolkit cover?
- Policy – a document that shows the organisation's intent to comply with a requirement of the standard.
- Procedures – a document that defines how an organisation can accomplish a task in a step-by-step method.
- Measurement – how an organisation can measure the performance of the documented procedure.
- Templates – Based on the policy/procedure/measurement requirement, we provide ready-to-use templates, ranging from Word and Excel to PowerPoint presentations, that help an organisation achieve its own HITRUST goals.
