HITRUST通用安全框架(CSF)允许医疗保健实体证明符合许多不同的标准和法规,例如HIPAA, ISO, NIST, SOC 2, GDPR, 一种总线标准, CMS, MARS-E, 和更多的. You can learn more about their background here: http://hitrustalliance.net/about-us/
One of a select group of HITRUST脑脊液 assessors, LBMC 网络安全 参与了将医疗保险和医疗补助服务中心(CMS)和NIST的安全标准整合到HITRUST联盟框架中的工作. In 2010, we became one of the first HITRUST脑脊液 assessor organizations, 使我们非常有资格使用HITRUST脑脊液来确保您组织的信息安全可靠.
特色博客文章
网络研讨会:什么是HITRUST?
HITRUST, in collaboration with leaders from the private sector, 政府, 技术, 和 information 隐私 和 security spaces, 建立HITRUST脑脊液, a certifiable framework that can be used by any organization that creates, 访问, 商店, or exchanges sensitive information.
Every organization can achieve the coveted HITRUST脑脊液 Certification, but it will take a little patience, 很多行政支持, 和, 有时, 援助之手.
了解更多关于HITRUST、HITRUST脑脊液的信息,以及使用HITRUST评估的六大主要优势.
On-Dem和 Webinar Duration: 0:05:47
发言人:
- 罗宾 巴顿, HITRUST授权外部评估委员会股东,实践领导者 & 质素小组委员会委员
客户证明
Do your policies 和 procedures address the HITRUST criteria?
是否 维护 或者现在就追求认证 is 愉快的时光 to review 和 ensure your policies 和 procedures 符合HITRUST标准.
1. 适用性
- 策略和程序成熟度级别和评分仅适用于r2评估.
- E1和i1评估仅侧重于控制实施,但可能仍需要审查政策和程序.
2. 潜伏期
- 补救或新实施的政策/程序必须至少实施60天(约2个月)才能考虑评分.
- 政策和程序已实施60天(约2个月),可用于有效评估.
- 对于实现的、度量的和管理的成熟度级别,周期是90天(大约3个月).
3. 得分
- M成熟度等级被打分 基于 the HITRUST Control Maturity 得分 Rubric, 考虑 的力量 和 percentage of evaluative elements being addressed.
4. 格式
文档 | 定义 |
政策 | 高层次的原则或行动,旨在指导当前和未来的决策与管理的哲学和 目标. |
过程 | Detailed steps necessary to perform specific operations in 合规 与标准. |
文档可以 萤火虫e st和ards, h和books, guidelines, 和 指令,而不是 只是传统 政策, 或程序文件.
关于HITRUST的误解
HITRUST®框架通过帮助组织解决安全问题而迅速发展, 隐私, 监管方面的挑战. However, there are common misconceptions.
1. 你们能通过HIPAA认证吗?
HIPAA安全规则的安全标准对于医疗保健组织的实施来说还不够规范. The HITRUST脑脊液® maps to the HIPAA Security Rule, 违反通知, 及私隐规则, assuring that your organization meets these requirements. MyCSF的HIPAA合规性和报告包生成报告,向审核员或调查人员证明合规性.
2. Is certification limited to healthcare entities?
No, it is applicable across various industries, 包括制造业, 银行, 娱乐, 和电信. The framework is developed with input from leaders in 隐私, 信息安全, 风险管理, making it relevant to many sectors.
3. Was the framework created due to failed OCR HIPAA audits?
这是不正确的. HITRUST was founded in 2007, while OCR HIPAA audits began in 2011. LBMC has supported the CSF since 2010.
4. Can an organization certify to the NIST 网络安全 Framework (CSF)?
是的, many organizations prefer the NIST CSF. HITRUST提供了NIST CSF报告记分卡,详细说明了CSF框架中包含的相关控制的合规性.
5. Is this program an “Assess Once, Report Many™” audit program?
是的, experienced audit firms can combine criteria for multiple audit needs, 从而提高效率, 减少审计疲劳, 更高质量的结果.
6. Can the framework support ISO 27001 certification efforts?
是的, The HITRUST脑脊液 framework can assist with ISO 27001 certification, 但是,选择熟练的服务提供商以实现合规性和有效性是至关重要的.
CSF提供全面的控制要求和严格的评估程序,以衡量电子受保护健康信息(ePHI)的剩余风险水平。. 测试必须由经批准的评估人员执行,以确保质量保证.
HITRUST服务
- Scoping 和 Certification Selection: 保证程序允许针对框架进行独立的认证或验证. These engagements must be performed by trained 和 vetted assessors, experienced in healthcare 信息安全. We 能够帮助您的组织理解和定义您的范围这一关键步骤吗, as well as selecting the best assessment scoping strategy for your organization.
- Readiness 和 Consulting 服务: LBMC网络安全专家 确保您的组织在开始认证之旅时为HITRUST做好准备,在所有行业中建立一个众所周知且普遍接受的安全框架. We provide readiness assessments, 项目管理, 修复援助, 分数改进指导, 和更多的.
- Certification (Validation, Interim, & Rapid Recertification Assessments): Ready to certify or have a certification in place? LBMC可以帮助您. 认证一年后需要进行临时评估,以根据CSF评估组织的当前状态. LBMC 网络安全 provides this service 和 submits an Annual Review Letter.
- 桥梁评估: 为应对与COVID-19相关的挑战,允许延长认证期限. LBMC, with a decade of experience 和 the most seasoned team in the industry, offers external assessment services to guide you through the bridge process.
As the leader of the “10-year club” of assessors, LBMC是业内服务时间最长的评估员,拥有业内最有经验的团队. 2010年2月, 明升体育app下载领导人签名加入了一项运动,这项运动已经成为现代安全和隐私评估的黄金标准. 我们已经培养了一个由专家领导的评估团队,他们为这一成功做出了最长的贡献.
We have helped countless organizations reach their HITRUST脑脊液 认证的目标. And, yes, we have learned many lessons along the way. 我们是评估委员会的成员,并协助教育和推广行业. 我们感到有义务和义务为那些踏上这段旅程的人提供鼓励和建议. Please reach out any time with how we can assist you on your journey!
管理团队
我们很乐意回答您明升体育app下载的安全专家可以为您做什么的任何问题. Submit the form below 和 one of our professionals will get back to you promptly.