- Covered about HITRUST ‘gotchas’ and hidden requirements
- Discussed additional requirement statements and do practice scoring
- Close out with marks of success and the very basics of a long-term plan for HITRUST compliance
SEE ALSO: HITRUST CSF Gap Analysis for a Silicon Valley Startup
HITRUST CSF Gap Analysis Takeaways (Day 3)
Jonathan "BBQ" Greeley giving Jeff Pochily the Paubox office tour
Here are some of my takeaways from today:
- HITRUST has a unique definition of the term contractor. It's important to know the distinction.
- Two-factor authentication (2FA) for all important services is vitally important
- Formally document a customer identification process for incoming phone calls and emails
- User access controls must be well defined
- Establish a documented hierarchy of PHI access levels
- Established call schedules twice a week with Jeff going forward until submission
HITRUST AllianceFounded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.
HITRUST RightStart Program
Jeff Pochily with Chris "Linux" Pearson
The RightStart program is aimed at giving startups the tools needed to make information security and compliance easier to establish and manage. The newly introduced program helps startups like us accelerate adoption of the most comprehensive risk management, compliance, privacy and security suite of services in the marketplace.