Preparing for Your HITRUST Audit [Part One]


If you are a healthcare provider that creates, collects, stores, or shares personal health information (PHI), then compliance with the HITRUST framework is a federal mandate.

The HITRUST CSF, or the Health Information Trust Alliance Common Security Framework, is similar to HIPAA in that both focus on data and privacy and aim to protect personal data from unauthorized access and theft. The HITRUST CSF, however, specifically addresses information security. It is a comprehensive framework that draws from HIPAA, NIST, PCI DSS, and ISO 27001, as well as from many state laws, and it aims to provide a uniform, structured process for managing data and systems security and compliance.

In part one of our guide to preparing for your next HITRUST audit, you will:

  • Learn the three levels of specifications for medical providers of different sizes
  • Be advised of the first seven categories within the HITRUST CSF
  • Get a checklist that will help you sail through the rigorous audit process