Health Information Trust Alliance (HITRUST)

“One Framework, One Assessment, Globally”

HITRUST was established in 2007 by a consortium of cybersecurity experts. The Health Information Trust Alliance (HITRUST) is an organization governed by representatives from the healthcare industry. HITRUST was established to enable different industries, especially the health sector, to be compliant with assessment frameworks. It helps vendors, organizations, and other entities ensure data protection by using a risk management approach to data security. The HITRUST CSF can be applied to any organization that creates, operates, manages, and stores sensitive data.

Assessment Process

e1 - static set of controls: 44
i1 - static set of controls: 182
r2 - average set of controls: 250 to 350 controls, can go up to 1200

Completion Time

e1 - 2 months to 4 months
i1 - 4 months to 12 months
r2 - 12 months to 24 months

HITRUST involves multiple stakeholders and departments. HITRUST has about 1200+ control requirements. e1 and i1 are focused on implementation of controls. HITRUST CSF controls are separated into three implementation levels, each of which builds on the previous level. Thus, HITRUST level 2 includes all level 1 controls plus additional control requirements. Level 3 controls include level 2 controls and additional requirements, making level 3 the most secure implementation of the HITRUST CSF.


The cost of HITRUST certification can range from $30,000 to over $200,000, depending on several factors: organization size, assessment scope, preparation and complexity of IT systems.