LBMC HITRUST External Assessment

The HITRUST Common Security Framework (CSF) allows healthcare entities to demonstrate compliance with many different standards and regulations such as HIPAA, ISO, NIST, SOC 2, GDPR, PCI, CMS, MARS-E, and more. You can learn more about their background here: http://hitrustalliance.net/about-us/

One of a select group of HITRUST CSF assessors, LBMC Cybersecurity participated in the effort to integrate security standards from the Centers for Medicare and Medicaid Services (CMS) and NIST into the HITRUST Alliance framework. In 2010, we became one of the first HITRUST CSF assessor organizations, making us exceptionally qualified to use the HITRUST CSF to ensure your organization’s information is safe and secure.

Webinar: What is HITRUST?

HITRUST, in collaboration with leaders from the private sector, government, technology, and information privacy and security spaces, established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores, or exchanges sensitive information.

Every organization can achieve the coveted HITRUST CSF Certification, but it will take a little patience, a lot of executive support, and, sometimes, a helping hand.

Learn more about HITRUST, the HITRUST CSF, and the top six key benefits of using a HITRUST assessment.

On-Demand Webinar Duration: 0:05:47

Speaker:

  • Robin Barton, Shareholder, Practice Leader, HITRUST Authorized External Assessor Council & Quality Subcommittee Member
Watch Webinar

Webinar: HITRUST i1 Assessment

In December 2021, HITRUST announced its newest service offering – the new i1 Implemented Certification.
In this video, you will learn:
  • What is the HITRUST i1 Implemented Verified Assessment and Certification?
  • Why was this new option created?
  • Key differences between the i1 and the r2.
  • How to choose which option is right for you.

On-Demand Webinar Duration: 7:36

Watch Webinar

Client Testimonials

I have worked in technology for over 30 years and engaged all large firm assessors in this space. LBMC is second to none. Through the HITRUST process, their team became an extension of ours, making the experience enjoyable and extremely rewarding!
Vice-President 和 Chief Information Security Officer at a nationwide leader in post-acute healthcare
LBMC is very flexible and accommodating to our specific needs. They gave us a unique advantage with HITRUST certification, demonstrating compliance with various standards and regulations. With LBMC, you get the ‘Big 4’ service without the extreme costs. Their local access and service level are unmatched by large, national providers.
Vice-President of Information Security Risk Management at a large healthcare technology company
We needed a HITRUST assessment partner with experience and local presence for routine face-to-face engagement. LBMC’s resources, solid reputation, and accessible expertise made it a perfect choice. Our team values their highly qualified professionals.
Chief Information Security Officer at a healthcare management company in Nashville

Do your policies and procedures address the HITRUST criteria?

Whether you are maintaining a certification or pursuing one now, this is a good time to review your policies and procedures and ensure they meet the HITRUST criteria.

1. Applicability

  • Policy and procedure maturity levels and scoring are only applicable for an r2 assessment.
  • e1 and i1 assessments focus on control implementation only but may still require policy and procedure review.

2. Timeframe

  • Remediated or newly implemented policies/procedures must be in place for at least 60 days (about 2 months) to be considered for scoring.
  • Policies and procedures in place for 60 days (about 2 months) can be used in validated assessments.
  • For the implemented, measured, and managed maturity levels, the period is 90 days (about 3 months).

3. Scoring

  • Maturity levels are scored based on the HITRUST Control Maturity Scoring Rubric, taking into account the strength and the percentage of the evaluative elements being addressed.

4. Format

Document definitions:

  • Policy: High-level principles or actions intended to guide present and future decision-making in line with management’s philosophy and objectives.
  • Procedure: Detailed steps necessary to perform specific operations in compliance with standards.

Documents can include standards, manuals, guidelines, and directives, not just traditional policy or procedure documents.

Misconceptions about HITRUST

The HITRUST® framework is growing rapidly by helping organizations address security, privacy, and regulatory challenges. However, there are common misconceptions.

1. Can you become HIPAA certified?

The HIPAA Security Rule’s standards for safeguards are not prescriptive enough for implementation by healthcare organizations. The HITRUST CSF® maps to the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule, assuring that your organization meets these requirements. The MyCSF Compliance and Reporting Pack for HIPAA generates a report to demonstrate compliance to auditors or investigators.

2. Is certification limited to healthcare entities?

No, it is applicable across various industries, including manufacturing, banking, entertainment, and telecommunications. The framework is developed with input from leaders in privacy, information security, and risk management, making it relevant to many sectors.

3. Was the framework created due to failed OCR HIPAA audits?

This is incorrect. HITRUST was founded in 2007, while OCR HIPAA audits began in 2011. LBMC has supported the CSF since 2010.

4. Can an organization certify to the NIST Cybersecurity Framework (CSF)?

Yes, many organizations prefer the NIST CSF. HITRUST provides a NIST CSF report scorecard detailing compliance with the related controls included in the CSF framework.

5. Is this program an “Assess Once, Report Many™” audit program?

Yes, experienced audit firms can combine criteria for multiple audit needs, thereby improving efficiency, reducing audit fatigue, and producing higher-quality results.

6. Can the framework support ISO 27001 certification efforts?

Yes, the HITRUST CSF framework can assist with ISO 27001 certification, but it’s essential to select skilled service providers for compliance and effectiveness.

The CSF offers comprehensive control requirements and rigorous assessment procedures to gauge the level of residual risk to electronic Protected Health Information (ePHI). The testing must be performed by an approved assessor, ensuring quality assurance.

HITRUST Services

  • Scoping and Certification Selection: The assurance program allows for independent certification or validation against the framework. These engagements must be performed by trained and vetted assessors, experienced in healthcare information security. We can help your organization with the critical step of understanding and defining your scope, as well as selecting the best assessment scoping strategy for your organization.
  • Readiness and Consulting Services: LBMC Cybersecurity experts ensure that your organization is prepared for HITRUST as you embark on the journey of certification, establishing a well-known and generally accepted security framework across any industry. We offer readiness assessments, project management, remediation assistance, score improvement guidance, and more.
  • Certification (Validation, Interim, & Rapid Recertification Assessments): Ready to certify or have a certification in place? LBMC can help you. An interim assessment is required one year after certification to evaluate the organization’s current state against the CSF. LBMC Cybersecurity provides this service and submits an Annual Review Letter.
  • Bridge Assessment: In response to COVID-19 related challenges, extensions for certification periods are permitted. LBMC, with a decade of experience and the most seasoned team in the industry, offers external assessment services to guide you through the bridge process.

As the leader of the “10-year club” of assessors, LBMC is the longest-serving assessor in the business with the most experienced team in the industry. In February 2010, our leaders signed on the dotted line to join a movement that has become the modern-day gold standard in security and privacy assessments. We have cultivated a team of assessors led by experts who have contributed to this success the longest.

We have helped countless organizations reach their HITRUST CSF certification goals. And, yes, we have learned many lessons along the way. We are assessor council members and assist the industry with education and outreach. We feel compelled and obligated to offer encouragement and advice to those embarking on this journey. Please reach out any time with how we can assist you on your journey!

Leadership Team

Drew Hendrickson

Shareholder & Cybersecurity Practice Leader

Nashville

Robin Barton

Shareholder, Cybersecurity

Nashville

We’re happy to answer any questions you may have on what our security experts can do for you. Submit the form below and one of our professionals will get back to you promptly.