HITRUST Consulting and Certification

BluePrint offers HITRUST Consulting and Certification services for business associates and covered entities.

As a HITRUST assessor, BluePrint Healthcare IT is a leading proponent of a common security standard for the industry. We are active in the HITRUST community and bring the HITRUST Common Security Framework in to all of our engagements. The HITRUST framework not only safeguards patient data, but signals to the healthcare community your organization’s commitment to the highest standards of privacy and security.

According to the Health Information Trust Alliance (HITRUST), the HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

The HITRUST CSF accomplishes seven goals:

  • Harmonizes and cross-references globally-recognized standards, regulations and business requirements, including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT and state laws
  • Scales controls according to type, size and organization complexity
  • Provides prescriptive requirements to ensure clarity
  • Follows a risk-based approach, offering multiple levels of implementation requirements determined by risks and thresholds
  • Adopts alternate controls, when necessary
  • Evolves on an annual basis according to user input and changing conditions in the healthcare industry and regulatory environment
  • Provides an industry-wide approach for managing Business Associate compliance

Qualified organizations can download the HITRUST CSF free of charge. MyCSF, a secure, Web-based solution for performing assessments, managing remediation activities, and reporting and tracking compliance offers a customized version of this framework and helps in implementation.