What is HITRUST CSF certification?


HITRUST® is a standards development organization that was founded in 2007. It develops and maintains a healthcare compliance framework called the HITRUST CSF™.

According to HITRUST, the CSF is:


“A certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.”


The HITRUST CSF is designed to unify security controls from federal law (HIPAA), state law, and non-governmental frameworks (PCI-DSS) into a single framework that’s tailored towards use in the healthcare industry.

To become HITRUST CSF certified, healthcare organizations typically follow a 4-step process:

  1. Leverage the HITRUST CSF assessment tool to identify applicable HITRUST Controls
  2. Complete HITRUST CSF assessment and engage a third-party HITRUST auditor to test controls
  3. Organization and auditor both submit their assessment to HITRUST for review via the MyCSF Portal
  4. Achieve HITRUST certification

Amazon Web Services (AWS) and HITRUST

If you are a cloud software company like Paubox, choosing the right cloud vendor for compliance and cybersecurity is vitally important. As such, Paubox has been a customer of Amazon Web Services (AWS) since day one.

To address security and compliance, AWS uses a Shared Responsibility Model.

Under this model, AWS manages security of the Cloud and its underlying infrastructure, while security in the Cloud is the responsibility of the customer.

AWS customers have a broad range of controls to implement to protect content, platform, applications, systems and networks.

In the context of compliance, AWS offers customers compliance-ready infrastructure and provides tools and services they can use to be compliant on the AWS Cloud.

To help customers with their HIPAA and/or HITRUST compliance, AWS provides access to a suite of AWS-native tools and services that customers can use to secure their workloads and to encrypt and obfuscate PHI.

AWS offers a Business Associate Agreement (BAA) to customers who need one for HIPAA compliance.

SEE ALSO: Is Amazon Web Services (AWS) HIPAA Compliant?


About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
