The HITRUST Common Security Framework (CSF) allows healthcare entities to demonstrate compliance with many different standards and regulations such as HIPAA, ISO, NIST, SOC 2, GDPR, PCI, CMS, MARS-E, and more. You can learn more about their background here:
One of a select group of HITRUST CSF assessors, LBMC Cybersecurity participated in the effort to integrate security standards from the Centers for Medicare and Medicaid Services (CMS) and NIST into the HITRUST Alliance framework. In 2010, we became one of the first HITRUST CSF assessor organizations, making us exceptionally qualified to use the HITRUST CSF to ensure your organization’s information is safe and secure.
HITRUST, in collaboration with leaders from the private sector, government, technology, and the information privacy and security space, established the HITRUST CSF, a certifiable framework that can be used by any organization that accesses, stores, or exchanges sensitive information.
Every organization can obtain the coveted HITRUST CSF certification, but it takes a little patience, a lot of executive support, and, sometimes, a helping hand.
Learn more about HITRUST, the HITRUST CSF, and the top six key benefits of using a HITRUST assessment.
- 罗宾 巴顿, Shareholder, Practice Leader, HITRUST Authorized External Assessor Council & Quality Subcommittee Member
Whether you are maintaining certification or pursuing it now, this is a good time to review your company’s policies and procedures and ensure they meet HITRUST standards.
1. Applicability
- Policy and procedure maturity levels and scoring are only applicable for an r2 assessment.
- e1 and i1 assessments focus on control implementation only but may still require policy and procedure review.
2. Latency period
- Remediated or newly implemented policies/procedures must be in place for at least 60 days (about 2 months) to be considered for scoring.
- Policies and procedures in place for 60 days (about 2 months) can be used in validated assessments.
- For the implemented, measured, and managed maturity levels, the period is 90 days (about 3 months).
3. Scoring
- Maturity levels are scored based on the HITRUST control maturity scoring criteria, which consider the strength and the percentage of evaluation elements addressed.
4. Format

| Document | Definition |
| --- | --- |
| Policy | High-level principles or actions intended to guide present and future decision-making in line with management’s philosophy and objectives. |
| Procedure | Detailed steps required to perform a specific operation in compliance with a standard. |

Documents can include standards, manuals, guidelines, and directives, not just traditional policy or procedure documents.
The HITRUST® framework is growing rapidly by helping organizations address security, privacy, and regulatory challenges. However, there are some common misconceptions.
1. Can you be HIPAA certified?
The HIPAA Security Rule’s standards for safeguards are not prescriptive enough for implementation by healthcare organizations. The HITRUST CSF® maps to the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule, ensuring that your organization meets those requirements. The MyCSF Compliance and Reporting Pack for HIPAA generates a report to demonstrate compliance to auditors or investigators.
2. Is certification limited to healthcare entities?
No, it applies to a wide range of industries, including manufacturing, banking, entertainment, and telecommunications. The framework was developed with input from leaders in privacy, information security, and risk management, making it relevant to many sectors.
3. Was the framework created because of failed OCR HIPAA audits?
That is incorrect. HITRUST was founded in 2007, while OCR’s HIPAA audits began in 2011. LBMC has supported the CSF since 2010.
4. Can organizations be certified against the NIST Cybersecurity Framework (CSF)?
Yes, and many organizations prefer the NIST CSF. HITRUST provides a NIST CSF report scorecard detailing compliance with the related controls included in the CSF framework.
5. Is the program an “assess once, report many” audit program?
Yes, experienced audit firms can combine the standards for multiple audit needs, which increases efficiency, reduces audit fatigue, and produces higher-quality results.
6. Can the framework support ISO 27001 certification efforts?
Yes, the HITRUST CSF framework can assist with ISO 27001 certification, but it’s essential to select skilled service providers for compliance and effectiveness.
The CSF offers comprehensive control requirements and rigorous assessment procedures to gauge the level of residual risk to electronic Protected Health Information (ePHI). Testing must be performed by approved assessors to ensure quality assurance.
- Scoping and certification options: The assurance program allows for independent certification or validation against the framework. These engagements must be performed by trained and vetted assessors with experience in healthcare information security. We can help your organization with the critical step of understanding and defining your scope, as well as selecting the best assessment scoping strategy for your organization.
- Readiness and advisory services: LBMC Cybersecurity experts ensure that your organization is prepared for HITRUST as you embark on the journey of certification, establishing a well-known and generally accepted security framework across any industry. We offer readiness assessments, project management, remediation assistance, score improvement guidance, and more.
- Certification (validated, interim, & rapid recertification assessments): Ready for certification, or already certified? LBMC can help. An interim assessment is required one year after certification to evaluate the organization’s current state against the CSF. LBMC Cybersecurity provides this service and submits the annual review letter.
- Bridge assessments: In response to COVID-19 related challenges, extensions for certification periods are permitted. LBMC, with a decade of experience and the most senior team in the industry, provides external assessment services to guide you through the bridge process.
As a leader in the assessor “Ten-Year Club”, LBMC is the longest-serving assessor in the business with the most experienced team in the industry. In February 2010, our leaders signed on the dotted line to join a movement that has become the modern-day gold standard in security and privacy assessments. We have cultivated a team of assessors led by experts who have contributed to this success the longest.
We have helped countless organizations achieve their goal of HITRUST CSF certification. Yes, we have learned many lessons along the way. We are members of the assessor council and help educate and promote the industry. We feel compelled and obligated to offer encouragement and advice to those embarking on this journey. Feel free to contact us to learn how we can help you complete your journey!
We’re happy to answer any questions you may have on what our security experts can do for you. Submit the form below and a professional will respond promptly.