HITRUST stands for Health Information Trust. It's a privately held company, led in association with leaders from industries such as healthcare, technology and information security, that formed the HITRUST CSF. The CSF is a comprehensive, prescriptive, and certifiable framework that can be used by all organizations that create, access, store or exchange sensitive data. The HITRUST CSF incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards; some organizations use it to demonstrate their security and compliance in a consistent and streamlined manner.


However, HITRUST CSF has garnered criticism for being “cumbersome, expensive, arbitrary, unnecessarily complex”, and using “outdated data.”

How to Get Started With the HITRUST Framework?

Cycatz suggests some effective ways to overcome its setbacks and get started with HITRUST. These include:

  • Integrate the HITRUST RMF into the Security Program
  • Define Security Services (ref: ITIL)
  • Map Controls/Resources to Security Services
  • Develop Annual Work Plan to Address:
    • Remediation Activity (Operational Work and Project Support, including Capital Budget Planning)
    • Keep the Security Program Relevant – Integrate Threat Intelligence (e.g., HITRUST C3) Into Risk Management Processes
  • Develop/Improve/Exercise Incident Management Capabilities
    • Internal Exercises
    • External (Multi-organizational) Exercises (e.g., CyberRX)
