Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

HITRUST CSF Inheritance Program

What is HITRUST?

Because of the number of patients seeing medical professionals every day and the nature of their visits, the healthcare industry faces unique security challenges that no other industry sees.  To help mitigate and manage risk, the Health Information Trust Alliance (HITRUST) was created. HITRUST establishes a Common Security Framework (CSF) that allows for the consistent implementation of HIPPA requirements.


What Is the HITRUST Inheritance Program?

Simplify Leveraging Service Provider Security Controls for a CSF Assessment The CSF Inheritance Program enables hosting, cloud, and service providers to make assessment scores available for inheritance into any organization’s assessment—easily, seamlessly, and automatically. Additionally*, organizations have the ability to inherit control scores from one of their assessments and apply them to their other assessments. This program simplifies the process and reduces the effort for hosting and service organization customers. By working with a participating service provider, customers can reduce the required testing and associated costs for inherited controls in a fully automated manner. The HITRUST Inheritance Program allows for cloud hosting and service providers to easily and automatically apply their assessment scores into any organization’s assessment. Additionally, the HITRUST Inheritance Program allows organizations to inherit controls from one of their vendor’s assessments and apply it to their own assessments easily, saving time and resources. By working with a participating managed service provider, organizations can leverage the inheritance program to simplify and streamline the assessment process.


Benefits of the HITRUST Inheritance Program

Key benefits • Awareness of Service Providers Services to those undergoing CSF Assessments • Reduces testing required to get a HITRUST CSF Validated assessment for customers • Reduces data entry associated with HITRUST CSF Validation of applications already hosted in a HITRUST CSF Validated environment • Provides granular inheritance of control requirement scores • Indicates Service Provider’s focus on security By seamlessly lifting and applying assessment scores to other assessments across the board, organizations can reduce the time, effort and associated costs required for testing inherited controls. Other key benefits include:
  • Reducing the testing required
  • Reducing the data entry associated with applications
  • Simplifying the assessments for the task of securing sensitive data
  • Completing the process in a fully automated matter
  • Providing detailed inheritance of control requirement scores
  • Proving the service provider’s focus on security


How it Works With the CSF Inheritance Program, Service Providers will appear in a list of organizations that have a HITRUST CSF Validated assessment. A client can then indicate a specific control requirement should be inherited and then choose their hosting or service provider from the list of participating hosting and service providers. The system validates the relationship, by requesting a verification from the service provider to confirm the services provided. To take advantage of this offering, service providers must have: • MyCSF Subscription • Inheritance Module Subscription • Current HITRUST CSF Validated assessment in good standing More info For more information about the CSF Inheritance Program, contact HITRUST at 855.HITRUST or email us at

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.