HIPAA SECURITY STANDARDS
ADMINISTRATIVE SAFEGUARDS - Security Management Process, Assigned Security Responsibility, Workforce Security, Information Access Management, Security Awareness and Training, Security Incident Procedures, Contingency Plan, Evaluation, Business Associate Contracts and Other Arrangements
PHYSICAL SAFEGUARDS - Facility Access, Physical Controls, Workstation Use, Workstation Security, Device and Media Controls
TECHNICAL SAFEGUARDS - Access Control, Audit Controls, Integrity, Person or Entity Authentication, Transmission Security
ORGANIZATIONAL REQUIREMENTS - Business Associate Contracts and Other Arrangements, Requirements for Group Health Plans
HITRUST Common Security Framework:
The CSF integrates and normalizes these different authoritative sources, incorporating key objectives under one umbrella framework that also provides prescriptive implementation requirements for meeting the objectives.
HITRUST CSF accomplishes the following:
Establishes a single benchmark for organizations to facilitate internal and external measurement that incorporates the requirements of applicable standards and regulations including ISO, PCI, COBIT, HIPAA, HITECH, and NIST
Increases trust and transparency among business partners and consumers by incorporating best practices, building confidence, and streamlining interactions across the industry
Obtains industry consensus on the most effective way to address information security while containing the cost of compliance and the number, complexity, and degree of variation in security audits or reviews.
Key Components:
The HITRUST CSF has the following components:
Information Security Control Specifications: Certifiable and best‐practice based specifications that include sound security governance practices (e.g., organization, policies, etc.) and security control practices (e.g., people, process, technology) that scale according to the type, size, and complexity of each organization.
Standards and Regulations Mapping: A reconciliation of the framework to common and different aspects of generally adopted standards.
Organizational Standards & Policies:
We perform a gap analysis of your standards & policies to determine the following:
Creation of new policies to include level 1 HITRUST language to prepare you for OCR HIPAA audits
Due to process, technology and policy changes
Mature existing policies and standards
Merge policies and standards
It is imperative that your organization create strong, supported policies and standards to drive compliance.
NexTTyme LLC PO Box 620328 Charlotte, NC 28262 Email: Inbox@nexttyme.com