HITRUST Consulting and Certification for Health Systems

As covered entities continue to grapple with full compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules, a clear framework, roadmap and performance measurement criteria for information assurance and compliance management are critical.

BluePrint Healthcare IT'S HITRUST Consulting and Certification service offers an excellent opportunity to evaluate and document the current state of compliance and apply that learning to establish a new baseline and roadmap for information assurance management internally. Additionally, we  help improve the way that covered entities communicate their efforts to patients, stakeholders, the community and industry at large.

Our security assessment uses the HITRUST CSF as a framework to determine the maturity of an organization's information security management program. The HITRUST CSF is mapped to the requirements of HIPAA and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, as well as harmonizes requirements from the Payment Card Industry Data Security Standard (“PCI-DSS”), ISO 2700x guidelines, ISACA’s COBIT, and NIST Special Publications. This creates a framework that provides specific criteria to assess the protection of your information systems' confidentiality, integrity, and availability.

Since its release in 2009, the HITRUST CSF has been enhanced and refined annually to align more closely with NIST 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”. Each year, the CSF incorporates legislative requirements updates and new information around the threats and vulnerabilities that affect healthcare organizations.

BluePrint Healthcare IT's HITRUST CSF Assessment includes:

  • Evaluate your information security controls against the HITRUST CSF.
  • Document a report of findings and Corrective Action Plan (CAP).
  • Assist with the submission of baseline assessment results into the HITRUST Alliance’s ‘MyCSF’ web application for validation/certification.
  • As a Certified Assessor, BluePrint will act as a liaison to HITRUST throughout the submission process.
  • Present and review findings/recommendations in a stakeholder’s briefing session.