What is a Health Information Trust Alliance (HITRUST)?
HITRUST collaborated with healthcare, business, technology, and information security leaders and established the HITRUST CSF to be used by any and all organizations that create, access, store, or exchange protected health information (PHI). HITRUST is driving adoption and widespread confidence in the HITRUST CSF and sound risk mitigation practices through the HITRUST community that provides awareness, education, advocacy, support, knowledge-sharing, and additional leadership and outreach activities.
Applicability
The HITRUST CSF applies to covered information (i.e., information that organizations deem necessary to secure, such as PHI) in all its aspects, regardless of the form the information takes (e.g., words and numbers, sound recordings, drawings, video and medical images), the means used to store it (e.g., printing or writing on paper or electronic storage), and the means used to transmit it (e.g., by hand, via fax, over computer networks or by post). However, an organization may wish to scope the organizational elements and/or systems subject to a HITRUST CSF assessment for specific business reasons.
Objective
The objectives of HITRUST is to help organizations from all sectors–but especially healthcare to effectively manage data, information risk, and compliance. The HITRUST CSF combines information from various standards, such as HIPAA, NIST, HITECH, and others, as a certified framework of controls mapped to these standards designed to help organizations achieve complete compliance.
Approach
Our approach has been covered in 5-phases. These include:
Phase 1: Understand Business Process
Understanding the environment and management’s expectations along with the policies and procedures.
Phase 2: Identify Risks and Controls
Identify target processes and understand the process flow, risk, information assets and controls pertaining to processes.
Phase 3: Controls Design Testing
Identify controls based of HITRUST CSF and prepare the issue and opportunity registers, test the control design and identify deficiencies. Prepare risk mitigation plan and calculate the residual risks.
Phase 4: Controls Evaluation
Perform internal audit and identify the control weaknesses and impact of deficiencies.
Phase 5: Certification
Invite certification agency for the certification audit
Why CyberSRC®?
Established in January 2018, CyberSRC Consultancy offers the full machination of cyber security services ranging from threat intelligence, VMS to general advisory services in areas pertaining to Cyber security such as vulnerability attacks, compliance, and cyber security regulations, and laws. We are into system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team which have a combined experience.