<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=323641658531367&amp;ev=PageView&amp;noscript=1">

You might have heard that HITRUST has launched a certification program for the NIST Cybersecurity Framework. The new certification for NIST Cybersecurity Framework (CSF) could pay off big for healthcare organization security teams. They’ll be able to demonstrate security excellence to partners, regulatory agencies, board members and investors.

The NIST Cybersecurity Framework  (CSF) is an established US security standard in its own right, so the “credibility factor” for the certifications value is already there. NIST’s proactive guidance helps organizations learn how to prevent cyber attacks, as well as how to respond to them.

What the HITRUST certification for the NIST CSF does is provide the roadmap healthcare organizations can measure themselves against for security compliance. One caution: those who’ve worked to follow NIST’s guidance outside of a formalized certification process can attest that it requires significant investment - both in terms of time and money.

If you’d like to explore the NIST CSF certification, you’ll first want to take stock of your current privacy and security status. As a healthcare organization or healthcare vendor, you’ll want to start with assuring a robust HIPAA compliance program. From there, you’ll evaluate the resource and financial cost vs the ROI of aiming for HITRUST’s assurance levels.

Bringing NIST CSF into the fold of HITRUST’s CSF Assurance Program, which helps organizations see how they measure against everything from HIPAA to AICPA, rounds out the security side. Plus, the idea of being able to map to one standard then map back to all the various industry criteria likely appeals across industries. In fact, business partners and investors will likely look to HITRUST’s “all things to all industries” approach as a boon when it comes to provable adherence to high privacy and security standards.

The support to meet – and demonstrate - HIPAA privacy and security requirements already exists within Ostendio’s MyVCM, as does the capability to track and manage all the various HITRUST-related  certification activities. The regulation crosswalk is part of the MyVCM product development roadmap, as well.

Ostendio can help your healthcare organization ready itself for certifications, which simultaneously supports building a stronger, more secure compliance program to protect sensitive data.  

Post by Ostendio
February 20, 2019