The Health Information Trust Alliance, a security and privacy standards development and accreditation organization, released a certification program for a national cybersecurity framework May 22.
The National Institute of Standards and Technology developed the framework, titled the Framework for Improving Critical Infrastructure Cybersecurity, to help organizations across various sectors manage cybersecurity-related risks through standards, guidelines and best practices.
HITRUST added NIST's cybersecurity framework criteria to its existing HITRUST Common Security Framework Assurance Program, a comprehensive security framework that incorporates information protection standards across multiple industries, including healthcare. For example, the HITRUST CSF Assurance Program incorporates control requirements to demonstrate compliance with HIPAA and the European Union's General Data Protection Regulation.
A HITRUST CSF scorecard of the NIST cybersecurity framework aims to provide organizations with compliance ratings and guidance related to each of the framework's subcategories. Organizations may submit these assessments to management, partners and regulators to showcase compliance with NIST's guidance.