HITRUST, in collaboration with health care, technology, and information security leaders, developed the Common Security Framework (CSF) to provide a unified and prescriptive structure for managing the risk to health information. The CSF harmonizes the requirements of ISO, the Payment Card Industry Data Security Standard (PCI DSS), Control Objectives for Information and Related Technologies (COBIT), HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and NIST standards into a single control set. The CSF methodology is highly flexible because it offers a standardized way of scaling and tailoring safeguards to an organization's specific risk factors, such as its size, the systems it operates, and the regulations it is subject to.
Although the most cost-effective response to a security breach is to prevent one from occurring in the first place, many health care companies struggle to conduct a meaningful risk analysis. Existing security laws such as HIPAA require a risk analysis but do not prescribe how to perform one, and it is often unclear which mitigation measures should be taken to address the risks that are identified.
Health care companies can improve their security posture by adopting the HITRUST CSF, whose required safeguards may reduce the likelihood of a data breach. As long-standing HITRUST CSF practitioners, we use the HITRUST methodology to provide HITRUST readiness support to clients. We can also help clients achieve HITRUST CSF certification through our partnerships with audit firms that serve as our advisors. Further, because we are a law firm, HITRUST CSF preassessment work is conducted under the attorney-client privilege, which can help protect key risk findings and compliance gaps from disclosure while clients work toward certification.