1 min read

HITRUST CSF gap analysis (day 2) for a Silicon Valley startup

Picture of Hoala Greevy Hoala Greevy December 5, 2018

From the founder
Two professionals reviewing code on laptops at a desk
Tyler Dornenburg and Jeff Pochily covering Anti-Virus policies Jeff Pochily from Kirkpatrick Price was back in our office this morning as day two of our HITRUST CSF Gap Analysis. The Gap Analysis is part of our journey for the HITRUST RightStart program. Here's some of what we covered today for Day 2:
  • Allot more time to discuss scoring, self-assessment, and requirement statements
  • Walk through the basics of the CSF, how requirement statements are determined, and how the CSF is used
  • Start looking at specific requirements and test score several based on our current compliance status

 

SEE ALSO: HITRUST CSF Gap Analysis for a Silicon Valley Startup

 

HITRUST CSF Gap Analysis Takeaways (Day 2)

 

People eating sandwiches at lunch during HITRUST CSF gap analysis meeting

Lunch with Jeff Pochily at Deli Board in SOMA

Here are some of my takeaways from today:

  • A passing score of 3+ in every domain is needed to pass HITRUST, or 3 with Correction Action Plans (CAPs)
  • Corrective Action Plans must show progress at the 1 year mark or be resolved
  • Deli Board is a legit sandwich spot
  • Google only recently attained HITRUST certification
  • Web Application Firewalls are a necessary component of HITRUST
  • According to HITRUST: "The organization does not send PII/PHI over facsimile (FAX), unless it cannot be sent over other, more secure, channels e.g., delivery by hand, secure email."

 

HITRUST Alliance

Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.

In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.

 

HITRUST RightStart Program

The RightStart program is aimed at giving startups the tools needed to make information security and compliance easier to establish and manage.

The newly introduced program helps startups like us accelerate adoption of the most comprehensive risk management, compliance, privacy and security suite of services in the marketplace.

 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Team meeting in an office conference room with laptops and notebooks

HITRUST CSF gap analysis (day 3) for a Silicon Valley startup

Picture of Hoala Greevy Hoala Greevy : December 6, 2018

As part of our HITRUST CSF Gap Analysis, Jeff Pochily from Kirkpatrick Price visited our office for a third day. The Gap Analysis is part of our...

HIPAA compliance
Read More
Two professionals discussing at a desk in a modern office

HITRUST CSF gap analysis for a Silicon Valley startup

Picture of Hoala Greevy Hoala Greevy : December 4, 2018

As part of our journey on the HITRUST RightStart program, Jeff Pochily visited our office in San Francisco today. The RightStart program is aimed at...

HIPAA compliance
Read More
Two people at an indoor event or gathering

HITRUST (BTS): Transmission protection & incident response

Picture of Hoala Greevy Hoala Greevy : January 8, 2019

As part of our journey on the RightStart program by HITRUST, we forged ahead today by knocking out swaths of Transmission Protection and Incident...

From the founder HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.