HITRUST

HITRUST -- You've come a long way baby...

HITRUST -- You've come a long way baby...

I first took the HITRUST Assessor course in 2009 and was disappointed. Roughly, the aim of HITRUST then, as it is now, is to allow all players in the health care ecosystem (providers, payors, suppliers and others) to adopt a single security framework, and then deliver attendant certifications to demonstrate that their security programs or selected IT systems are secure. In short, a hospital, for example, would conduct a HITRUST assessment to demonstrate to anyone (Govt. and private entities) that their overall security program has a requisite level of maturity. Only one report could be created and submitted to many who needed to verify the security maturity of an organization.  (Note: CPA firms offer similar attestations such as the SOC Type 1 and Type 2 assessments, under AICPA guidance for service providers.)