Schellman & Company, profile picture
Uploaded bySchellman & Company
651 views

Get Ready Now for HITRUST 2017

The document provides a comprehensive guide to HITRUST certification, detailing its background, the Common Security Framework (CSF), and the necessary steps for certification. It outlines the significance of the CSF in addressing healthcare security concerns and includes information on the assessment process and organizational scoping. The certification process involves multiple steps, including project planning, evidence examination, technical testing, and compliance scoring, ultimately leading to a certification valid for two years.

Embed presentation

Downloaded 43 times
Get Ready Now for HITRUST 2017 | 1 Get Ready Now for HITRUST 2017 Your Map to HITRUST Certification
Get Ready Now for HITRUST 2017 | 2 01. Background / Overview 02. The CSF Framework 03. Scope and Approach 04. Options 05. Steps to Certification 06. Process 07. Q&A Agenda
Get Ready Now for HITRUST 2017 | 3 Background & Overview 01
Get Ready Now for HITRUST 2017 | 4 HITRUST Overview • Began in 2007, first version released in 2009 • Meet demand of healthcare challenges – Inconsistency – Inefficiencies – Increasing cost – Increasing risk
Get Ready Now for HITRUST 2017 | 5 Announcement
Get Ready Now for HITRUST 2017 | 6 Overview of Expansion • CSF Certification • Anthem/Cigna, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group Significance • Effective security and privacy practices
Get Ready Now for HITRUST 2017 | 7 Why the Expansion? • Increasing cyber threats • Significance of Business Associates • Interconnection of healthcare industry • Beyond HIPAA • Minimize the duplicity, costs and inefficiencies
Get Ready Now for HITRUST 2017 | 8 Mandatory? YES! (For Business Associates of these Healthcare Organizations)
Get Ready Now for HITRUST 2017 | 9 7,500An additional 7,500 organizations that do not currently have a CSF Certification do so with within the next 24 months.
Get Ready Now for HITRUST 2017 | 10 Overview of the Common Security Framework02
Get Ready Now for HITRUST 2017 | 11 CSF Overview • CSF – Defined set of requirements – Prescriptive requirements – Meet the challenges in healthcare security – Secure protected health information
Get Ready Now for HITRUST 2017 | 12 Overview of the CSF • ISO 27001 • PCI-DSS • HIPAA/HITECH • Meaningful Use • NIST 800-53 • FTC Red Flags • CMS • Privacy Laws
Get Ready Now for HITRUST 2017 | 13 Organization of the CSF • Establishes a single benchmark • Increases trust and transparency • Obtains industry consensus
Get Ready Now for HITRUST 2017 | 14 CSF and Privacy • CSF version 7 – Inclusion of privacy – Satisfy health care regulations in TX, MA, and NV
Get Ready Now for HITRUST 2017 | 15 Purpose & Scope 03
Get Ready Now for HITRUST 2017 | 16 Purpose • Harmonizes privacy and security standards • Establishes framework of controls • Build trust and assurance • Highlights credibility • Helps eliminate the need for redundant audits
Get Ready Now for HITRUST 2017 | 17 Define Scope • Entire organization environment • Segmented portions – Single location – Single business unit – Single application • Covered information
Get Ready Now for HITRUST 2017 | 18 Define Scope • Assessment options – Security Assessment – Security & Privacy Assessment – Comprehensive Security Assessment – Comprehensive Security & Privacy Assessment
Get Ready Now for HITRUST 2017 | 19 Scope of CSF • Assessment factors – Organizational factors – System factors – Regulatory factors
Get Ready Now for HITRUST 2017 | 20 Scope of CSF • 14 control categories – 13 for Security – 1 for Privacy • 46 control objectives • 149 control specifications – Grouped within 19 assessment domains
Get Ready Now for HITRUST 2017 | 21 Scope of CSF CSF Assessment Domains Information Protection Program Access Control Endpoint Protection Audit Logging & Monitoring Portable Media Security Education, Training and Awareness Mobile Device Security Third Party Assurance Wireless Security Incident Management Configuration Management Business Continuity & Disaster Recovery Vulnerability Management Risk Management Network Protection Physical & Environmental Security Transmission Protection Data Protection & Privacy Password Management
Get Ready Now for HITRUST 2017 | 22 MyCSF • Access to the CSF and authoritative source • Perform assessments • Reporting/Tracking compliance • Document remediation in Corrective Action Plan (CAPs) • Benchmarking
Get Ready Now for HITRUST 2017 | 23 Implementation Levels • Generated by myCSF • Levels are 1, 2, and 3 • Level 1 in baseline, each additional level increases number of required controls • Adapted from NIST SP-800 series
Get Ready Now for HITRUST 2017 | 24 Options 04
Get Ready Now for HITRUST 2017 | 25 • Self Assessment • CSF Validated Assessment Types
Get Ready Now for HITRUST 2017 | 26 • Self Assessment • CSF Validated Assessment Types
Get Ready Now for HITRUST 2017 | 27 • Self Assessment – No validation – 3rd party can facilitate assessment – 3rd party can provide review and feedback Assessment Types
Get Ready Now for HITRUST 2017 | 28 • Validated – HITRUST approved CSF Assessor – On-site fieldwork • Interviews • Technical testing Assessment Types
Get Ready Now for HITRUST 2017 | 29 • Self-assessment • CSF Certified – Minimum maturity scoring of 3 in ALL assessment domains • CSF Validated – Minimum maturity rating of below 3 in ANY assessment domains Report Types
Get Ready Now for HITRUST 2017 | 30 Steps to Certification 05
Get Ready Now for HITRUST 2017 | 31 oneInitial Project Planning
Get Ready Now for HITRUST 2017 | 32 • Executive support • Assignment of a main point of contact • Determining scope • Determining system boundaries • Communication with process owners Project Planning
Get Ready Now for HITRUST 2017 | 33 twoOrganizational and System Scoping
Get Ready Now for HITRUST 2017 | 34 • Location(s) • Application(s) • Device(s) • Regulatory requirement(s) • Third party service organization(s) Organizational and System Scoping
Get Ready Now for HITRUST 2017 | 35 threeAssessment Preparation
Get Ready Now for HITRUST 2017 | 36 • Project calendars • Evidence request lists • Identification of process owners • Interview scheduling Assessment Preparation
Get Ready Now for HITRUST 2017 | 37 fourExamine Documentation and Practices
Get Ready Now for HITRUST 2017 | 38 • Policy documents • Documented procedures • Processes Examine Documentation and Practices
Get Ready Now for HITRUST 2017 | 39 fiveConduct Interviews
Get Ready Now for HITRUST 2017 | 40 • Process owners • Verify process controls • Confirmation of evidence Conduct Interviews
Get Ready Now for HITRUST 2017 | 41 sixPerform Review and Technical Testing
Get Ready Now for HITRUST 2017 | 42 • Perform walkthroughs • Automated control configurations • Manual control sampling – HITRUST sampling methodology Perform Technical Testing
Get Ready Now for HITRUST 2017 | 43 • Compliance scoring – Control requirement • Policy • Procedure • Implemented • Managed • Measured Review Technical Testing
Get Ready Now for HITRUST 2017 | 44 • Compliance scoring – Control requirement • Policy • Procedure • Implemented • Managed • Measured Review Technical Testing – Maturity rating • Non-compliant (0%) • Somewhat compliant (25%) • Partially compliant (50%) • Mostly compliant (75%) • Fully compliant (100%)
Get Ready Now for HITRUST 2017 | 45 • Compliance scoring example Review Technical Testing
Get Ready Now for HITRUST 2017 | 46 sevenAlternate Control Identification and Selection
Get Ready Now for HITRUST 2017 | 47 • Only if non-compliant CSF controls exist • Identify compensating controls • Residual compliance scoring Alternate Control Identification and Testing
Get Ready Now for HITRUST 2017 | 48 eightReporting
Get Ready Now for HITRUST 2017 | 49 • Prepare for submission to HITRUST – Assessor testing – Management representation letter – Remediation plans (CAPs) • HITRUST QA Review – 4 – 6 weeks Reporting
Get Ready Now for HITRUST 2017 | 50 nineRemediation Tracking
Get Ready Now for HITRUST 2017 | 51 • Corrective Action Plan (CAP) progress – CAP Owner – Implementation plan – Expected completion date • Residual risk score adjustments Remediation Tracking
Get Ready Now for HITRUST 2017 | 52 The Certification Process 06
Get Ready Now for HITRUST 2017 | 53 Issuing Certification
Get Ready Now for HITRUST 2017 | 54 Issuing Certification
Get Ready Now for HITRUST 2017 | 55 Issuing Certification
Get Ready Now for HITRUST 2017 | 56 Issuing Certification
Get Ready Now for HITRUST 2017 | 57 Issuing Certification • Valid 2 years – Annual review • Within 2 months following the 1-year anniversary • Continuous monitoring requirements – CAP remediation
Get Ready Now for HITRUST 2017 | 58 LEARN MORE ABOUT HITRUST click here

More Related Content

PDF
UoF - HITRUST & Risk Analysis v1
byBryan Cline, Ph.D.
 
PDF
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
bySchellman & Company
 
PDF
Hitrust csf-assurance-program-requirements-v1 3-final
byajcob123
 
PDF
HITRUST CSF Meaningful use risk assessment
byVinit Thakur
 
PPTX
HealthCare Compliance - HIPAA and HITRUST
byKimberly Simon MBA
 
DOCX
Common Security Framework Summary
byJason Rusch - CISSP CGEIT CISM CISA GNSA
 
PDF
HITRUST 101: All the basics you need to know
by➲ Stella Bridges
 
PDF
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
byHealth IT Conference – iHT2
 
UoF - HITRUST & Risk Analysis v1
byBryan Cline, Ph.D.
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
bySchellman & Company
 
Hitrust csf-assurance-program-requirements-v1 3-final
byajcob123
 
HITRUST CSF Meaningful use risk assessment
byVinit Thakur
 
HealthCare Compliance - HIPAA and HITRUST
byKimberly Simon MBA
 
Common Security Framework Summary
byJason Rusch - CISSP CGEIT CISM CISA GNSA
 
HITRUST 101: All the basics you need to know
by➲ Stella Bridges
 
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
byHealth IT Conference – iHT2
 

What's hot

PPTX
HITRUST CSF in the Cloud
byOnRamp
 
PDF
HITRUST Article
byAlexis Kennedy, CPA, CISA
 
PDF
HealthCare Compliance - HIPAA & HITRUST
byKimberly Simon MBA
 
PPTX
Healthcare Compliance: HIPAA and HITRUST
byControlCase
 
PDF
The CSA STAR Program: Certification & Attestation
bySchellman & Company
 
PDF
Health care compliance webinar may 10 2017
byKimberly Simon MBA
 
PPTX
Integrated Compliance
byKimberly Simon MBA
 
PPTX
General Data Protection Regulation (GDPR)
byControlCase
 
PPTX
Meaningful Use and Security Risk Analysis
byEvan Francen
 
PPTX
MindLeaf - HIPAA privacy and cybersecurity insurance
bymindleaftechnologies
 
PDF
What do Secure, HIPAA Compliant, Clouds Mean to SOA in Healthcare?
byShahid Shah
 
PPTX
HIPAA omnibus rule update
byO'Connor Davies CPAs
 
PPTX
Performing One Audit Using Zero Trust Principles
byControlCase
 
PPTX
HITRUST Certification
byControlCase
 
PPSX
Mbm Hipaa Hitech Ss Compliance Risk Assessment
byMBMeHealthCareSolutions
 
PDF
HIPAA HiTech Security Assessment
bydata brackets
 
PPTX
Vendor risk management webinar 10022019 v1
byControlCase
 
PPTX
Continuous Compliance Monitoring
byControlCase
 
PDF
What Covered Entities Need to Know about OCR HIPAA Audit​s
byIatric Systems
 
PDF
CSA STAR Program
bySchellman & Company
 
HITRUST CSF in the Cloud
byOnRamp
 
HITRUST Article
byAlexis Kennedy, CPA, CISA
 
HealthCare Compliance - HIPAA & HITRUST
byKimberly Simon MBA
 
Healthcare Compliance: HIPAA and HITRUST
byControlCase
 
The CSA STAR Program: Certification & Attestation
bySchellman & Company
 
Health care compliance webinar may 10 2017
byKimberly Simon MBA
 
Integrated Compliance
byKimberly Simon MBA
 
General Data Protection Regulation (GDPR)
byControlCase
 
Meaningful Use and Security Risk Analysis
byEvan Francen
 
MindLeaf - HIPAA privacy and cybersecurity insurance
bymindleaftechnologies
 
What do Secure, HIPAA Compliant, Clouds Mean to SOA in Healthcare?
byShahid Shah
 
HIPAA omnibus rule update
byO'Connor Davies CPAs
 
Performing One Audit Using Zero Trust Principles
byControlCase
 
HITRUST Certification
byControlCase
 
Mbm Hipaa Hitech Ss Compliance Risk Assessment
byMBMeHealthCareSolutions
 
HIPAA HiTech Security Assessment
bydata brackets
 
Vendor risk management webinar 10022019 v1
byControlCase
 
Continuous Compliance Monitoring
byControlCase
 
What Covered Entities Need to Know about OCR HIPAA Audit​s
byIatric Systems
 
CSA STAR Program
bySchellman & Company
 

Viewers also liked

PDF
HITRUST CSF Topology
byJason Rusch - CISSP CGEIT CISM CISA GNSA
 
PDF
Privacy and Security Tiger Team 010813
byBrian Ahier
 
PDF
NHIN Privacy & Security
byBrian Ahier
 
PPTX
The Four Balancing Acts Involved with Healthcare Data Security Frameworks
byHealth Catalyst
 
PDF
HIPAA and How it Applies to You
byWinston & Strawn LLP
 
PDF
NISTs Cybersecurity Framework -- Comparison with Best Practice
byDavid Ochel
 
PDF
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
PPTX
How will the Internet of Things look by 2025?
byPew Research Center's Internet & American Life Project
 
PDF
Protecting Data in the Age of Cybercrime and Data Breach
byLogikcull.com
 
PDF
DVHIMSS Ensuring Privacy and Security of HIEs in PA
byWilliam Buddy Gillespie ITIL Certified
 
PPTX
Digital Divides 2016 - Internet Governance Forum
byPew Research Center's Internet & American Life Project
 
PDF
How to Make Awesome SlideShares: Tips & Tricks
bySlideshare
 
PDF
Getting Started With SlideShare
bySlideshare
 
HITRUST CSF Topology
byJason Rusch - CISSP CGEIT CISM CISA GNSA
 
Privacy and Security Tiger Team 010813
byBrian Ahier
 
NHIN Privacy & Security
byBrian Ahier
 
The Four Balancing Acts Involved with Healthcare Data Security Frameworks
byHealth Catalyst
 
HIPAA and How it Applies to You
byWinston & Strawn LLP
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
byDavid Ochel
 
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
How will the Internet of Things look by 2025?
byPew Research Center's Internet & American Life Project
 
Protecting Data in the Age of Cybercrime and Data Breach
byLogikcull.com
 
DVHIMSS Ensuring Privacy and Security of HIEs in PA
byWilliam Buddy Gillespie ITIL Certified
 
Digital Divides 2016 - Internet Governance Forum
byPew Research Center's Internet & American Life Project
 
How to Make Awesome SlideShares: Tips & Tricks
bySlideshare
 
Getting Started With SlideShare
bySlideshare
 

Similar to Get Ready Now for HITRUST 2017

PPTX
hitrust101-allthebasicsyouneedtoknow-1901041704sdsda51.pptx
bybabydonthurtme303
 
PDF
Compliance 101 HITRUST Update.pdf
byAmyPoblete3
 
PPTX
Mastering CCSFP Certification: Complete Guide to HITRUST CSF Practitioner
bym4ryamkhan547
 
PPTX
HITRUST Overview and AI Assessments Webinar.pptx
byAmyPoblete3
 
PDF
HIPAA and HITRUST on AWS
byLogicworksNY
 
DOCX
Annotated Bibliography for Health Information Trust Alliance (.docx
bydaniahendric
 
PDF
NIPP Healthacre Sector Cybersecurity Framework
byDavid Sweigert
 
PPTX
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
byssusere84743
 
PDF
Tech Refresh - Cybersecurity in Healthcare
byCompTIA
 
PPTX
Checklist for Competent Cloud Security Management
byCloud Credential Council
 
PPTX
C2M2 V2.1 Self-Evaluation Workshop Kickoff Presentation -- July 2023.pptx
byZharfanHanif
 
PPTX
PenTest++Chapter+1+Planning+and+Scoping.pptx
bySuhibALdajah1
 
PDF
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
byCohesive Networks
 
PPTX
CSA STAR Webinar Presentation to know in detail
byAyilurRamnath1
 
PPTX
CompTIA PenTest+ Exam (PT0-001) Exam Review
byJoseph Holbrook, Chief Learning Officer (CLO)
 
PPTX
CompTIA PenTest+ BETA EXAM CODE PT1-001
byJoseph Holbrook, Chief Learning Officer (CLO)
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
PDF
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
byDr Dev Kambhampati
 
PDF
Himss Cybersecurity; Health informatics, Cloud & Devices
byTrustRobin
 
PPTX
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 
hitrust101-allthebasicsyouneedtoknow-1901041704sdsda51.pptx
bybabydonthurtme303
 
Compliance 101 HITRUST Update.pdf
byAmyPoblete3
 
Mastering CCSFP Certification: Complete Guide to HITRUST CSF Practitioner
bym4ryamkhan547
 
HITRUST Overview and AI Assessments Webinar.pptx
byAmyPoblete3
 
HIPAA and HITRUST on AWS
byLogicworksNY
 
Annotated Bibliography for Health Information Trust Alliance (.docx
bydaniahendric
 
NIPP Healthacre Sector Cybersecurity Framework
byDavid Sweigert
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
byssusere84743
 
Tech Refresh - Cybersecurity in Healthcare
byCompTIA
 
Checklist for Competent Cloud Security Management
byCloud Credential Council
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff Presentation -- July 2023.pptx
byZharfanHanif
 
PenTest++Chapter+1+Planning+and+Scoping.pptx
bySuhibALdajah1
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
byCohesive Networks
 
CSA STAR Webinar Presentation to know in detail
byAyilurRamnath1
 
CompTIA PenTest+ Exam (PT0-001) Exam Review
byJoseph Holbrook, Chief Learning Officer (CLO)
 
CompTIA PenTest+ BETA EXAM CODE PT1-001
byJoseph Holbrook, Chief Learning Officer (CLO)
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
byDr Dev Kambhampati
 
Himss Cybersecurity; Health informatics, Cloud & Devices
byTrustRobin
 
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 

More from Schellman & Company

PDF
Privacy in the Cloud- Introduction to ISO 27018
bySchellman & Company
 
PDF
Demystifying the Cyber NISTs
bySchellman & Company
 
PDF
Determining Scope for PCI DSS Compliance
bySchellman & Company
 
PDF
Privacy shield: What You Need To Know About Storing EU Data
bySchellman & Company
 
PDF
Everything You Need To Know About SOC 1
bySchellman & Company
 
PDF
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
bySchellman & Company
 
PDF
PA-DSS and Application Penetration Testing
bySchellman & Company
 
PDF
STAND OUT: Why You Should Become ISO 27001 Certified
bySchellman & Company
 
PDF
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
bySchellman & Company
 
PDF
SOC 2 and You
bySchellman & Company
 
PDF
SOC 2: Build Trust and Confidence
bySchellman & Company
 
PDF
SOC 1 Overview
bySchellman & Company
 
PDF
12 Steps to Preparing for a QAR
bySchellman & Company
 
PDF
EPCS Overview
bySchellman & Company
 
PDF
PCI DSS 3.0 Overview and Key Updates
bySchellman & Company
 
PDF
10 Steps Toward FedRAMP Compliance
bySchellman & Company
 
PDF
Your've Been Hacked in Florida! Now What?
bySchellman & Company
 
Privacy in the Cloud- Introduction to ISO 27018
bySchellman & Company
 
Demystifying the Cyber NISTs
bySchellman & Company
 
Determining Scope for PCI DSS Compliance
bySchellman & Company
 
Privacy shield: What You Need To Know About Storing EU Data
bySchellman & Company
 
Everything You Need To Know About SOC 1
bySchellman & Company
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
bySchellman & Company
 
PA-DSS and Application Penetration Testing
bySchellman & Company
 
STAND OUT: Why You Should Become ISO 27001 Certified
bySchellman & Company
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
bySchellman & Company
 
SOC 2 and You
bySchellman & Company
 
SOC 2: Build Trust and Confidence
bySchellman & Company
 
SOC 1 Overview
bySchellman & Company
 
12 Steps to Preparing for a QAR
bySchellman & Company
 
EPCS Overview
bySchellman & Company
 
PCI DSS 3.0 Overview and Key Updates
bySchellman & Company
 
10 Steps Toward FedRAMP Compliance
bySchellman & Company
 
Your've Been Hacked in Florida! Now What?
bySchellman & Company
 

Recently uploaded

PPTX
Muscle Insufficiency Tone Power Endurance Fit ,Rigidity
byHome
 
PPTX
iv fluid therapy with special emphasis in renal disease
bykrishiprasad71
 
PDF
NABH 6th Edition Assessor Question Bank & Evidence Manual.pdf
byDr Jitu Lal Meena
 
PPTX
INDEPTH Strategic Plan 2017-2021 Presentation.pptx
byWagariKalbessa
 
PPTX
Photometry: Principles, Instrument Components & Laboratory Applications | BMLT
byKarthik Kamath
 
PDF
The Role of Mid Day Meal Schemes in Reducing Classroom Hunger
byAkshaya Patra Foundation USA
 
PDF
probiotics.pdf Pharmacognosy, F.Y.D.Pharm
byChaitali Bhavar
 
PPTX
Child abuse child health nursing ppt Document from Mahi.pptx
bymahirav305
 
PDF
Trusted Chiropractor in Chicago il for Pain Relief
byLex 4 Health
 
PDF
Diabetic Foot Ulcer Symptoms, Treatment, and Evidence-Based Management.pdf
bybenjamintaylor291996
 
PPTX
Vitamin A deficiency, Vitamin A deficiency.pptx
byMeghna Verma
 
PDF
Raman Bhaumik - A Licensed Pharmacist
byRaman Bhaumik
 
PDF
Unit 1 cosmetic-science INTRODUCTION CLASSIFICATION
byPravara Rural Education Societies Institute of Pharmacy, Loni
 
PDF
Raman Bhaumik - Passionate About Mentoring Aspiring Pharmacists
byRaman Bhaumik
 
PPTX
ressisted exericises .pptx by gokulkrishnan
byGOKULAKRISHNAN JANARTHANAN
 
PDF
Unit 4; Concept of medical and surgical asepsis
byrobinam733
 
PDF
Medical Billing Audit Checklist for Practice Owners and Managers
byCHB Medical Billing
 
PDF
eClaim Solution | Your Trusted Partner in Medical Billing
byeClaim Solution
 
PPTX
Best-Dental-Insurance-Eligibility-Verification-Services.pptx
byTrans Dental
 
PPTX
MNS Care for FLW- CMD & SMD for public health
byHarsha Wakodkar
 
Muscle Insufficiency Tone Power Endurance Fit ,Rigidity
byHome
 
iv fluid therapy with special emphasis in renal disease
bykrishiprasad71
 
NABH 6th Edition Assessor Question Bank & Evidence Manual.pdf
byDr Jitu Lal Meena
 
INDEPTH Strategic Plan 2017-2021 Presentation.pptx
byWagariKalbessa
 
Photometry: Principles, Instrument Components & Laboratory Applications | BMLT
byKarthik Kamath
 
The Role of Mid Day Meal Schemes in Reducing Classroom Hunger
byAkshaya Patra Foundation USA
 
probiotics.pdf Pharmacognosy, F.Y.D.Pharm
byChaitali Bhavar
 
Child abuse child health nursing ppt Document from Mahi.pptx
bymahirav305
 
Trusted Chiropractor in Chicago il for Pain Relief
byLex 4 Health
 
Diabetic Foot Ulcer Symptoms, Treatment, and Evidence-Based Management.pdf
bybenjamintaylor291996
 
Vitamin A deficiency, Vitamin A deficiency.pptx
byMeghna Verma
 
Raman Bhaumik - A Licensed Pharmacist
byRaman Bhaumik
 
Unit 1 cosmetic-science INTRODUCTION CLASSIFICATION
byPravara Rural Education Societies Institute of Pharmacy, Loni
 
Raman Bhaumik - Passionate About Mentoring Aspiring Pharmacists
byRaman Bhaumik
 
ressisted exericises .pptx by gokulkrishnan
byGOKULAKRISHNAN JANARTHANAN
 
Unit 4; Concept of medical and surgical asepsis
byrobinam733
 
Medical Billing Audit Checklist for Practice Owners and Managers
byCHB Medical Billing
 
eClaim Solution | Your Trusted Partner in Medical Billing
byeClaim Solution
 
Best-Dental-Insurance-Eligibility-Verification-Services.pptx
byTrans Dental
 
MNS Care for FLW- CMD & SMD for public health
byHarsha Wakodkar
 

Get Ready Now for HITRUST 2017

  • 1.
    Get Ready Nowfor HITRUST 2017 | 1 Get Ready Now for HITRUST 2017 Your Map to HITRUST Certification
  • 2.
    Get Ready Nowfor HITRUST 2017 | 2 01. Background / Overview 02. The CSF Framework 03. Scope and Approach 04. Options 05. Steps to Certification 06. Process 07. Q&A Agenda
  • 3.
    Get Ready Nowfor HITRUST 2017 | 3 Background & Overview 01
  • 4.
    Get Ready Nowfor HITRUST 2017 | 4 HITRUST Overview • Began in 2007, first version released in 2009 • Meet demand of healthcare challenges – Inconsistency – Inefficiencies – Increasing cost – Increasing risk
  • 5.
    Get Ready Nowfor HITRUST 2017 | 5 Announcement
  • 6.
    Get Ready Nowfor HITRUST 2017 | 6 Overview of Expansion • CSF Certification • Anthem/Cigna, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group Significance • Effective security and privacy practices
  • 7.
    Get Ready Nowfor HITRUST 2017 | 7 Why the Expansion? • Increasing cyber threats • Significance of Business Associates • Interconnection of healthcare industry • Beyond HIPAA • Minimize the duplicity, costs and inefficiencies
  • 8.
    Get Ready Nowfor HITRUST 2017 | 8 Mandatory? YES! (For Business Associates of these Healthcare Organizations)
  • 9.
    Get Ready Nowfor HITRUST 2017 | 9 7,500An additional 7,500 organizations that do not currently have a CSF Certification do so with within the next 24 months.
  • 10.
    Get Ready Nowfor HITRUST 2017 | 10 Overview of the Common Security Framework02
  • 11.
    Get Ready Nowfor HITRUST 2017 | 11 CSF Overview • CSF – Defined set of requirements – Prescriptive requirements – Meet the challenges in healthcare security – Secure protected health information
  • 12.
    Get Ready Nowfor HITRUST 2017 | 12 Overview of the CSF • ISO 27001 • PCI-DSS • HIPAA/HITECH • Meaningful Use • NIST 800-53 • FTC Red Flags • CMS • Privacy Laws
  • 13.
    Get Ready Nowfor HITRUST 2017 | 13 Organization of the CSF • Establishes a single benchmark • Increases trust and transparency • Obtains industry consensus
  • 14.
    Get Ready Nowfor HITRUST 2017 | 14 CSF and Privacy • CSF version 7 – Inclusion of privacy – Satisfy health care regulations in TX, MA, and NV
  • 15.
    Get Ready Nowfor HITRUST 2017 | 15 Purpose & Scope 03
  • 16.
    Get Ready Nowfor HITRUST 2017 | 16 Purpose • Harmonizes privacy and security standards • Establishes framework of controls • Build trust and assurance • Highlights credibility • Helps eliminate the need for redundant audits
  • 17.
    Get Ready Nowfor HITRUST 2017 | 17 Define Scope • Entire organization environment • Segmented portions – Single location – Single business unit – Single application • Covered information
  • 18.
    Get Ready Nowfor HITRUST 2017 | 18 Define Scope • Assessment options – Security Assessment – Security & Privacy Assessment – Comprehensive Security Assessment – Comprehensive Security & Privacy Assessment
  • 19.
    Get Ready Nowfor HITRUST 2017 | 19 Scope of CSF • Assessment factors – Organizational factors – System factors – Regulatory factors
  • 20.
    Get Ready Nowfor HITRUST 2017 | 20 Scope of CSF • 14 control categories – 13 for Security – 1 for Privacy • 46 control objectives • 149 control specifications – Grouped within 19 assessment domains
  • 21.
    Get Ready Nowfor HITRUST 2017 | 21 Scope of CSF CSF Assessment Domains Information Protection Program Access Control Endpoint Protection Audit Logging & Monitoring Portable Media Security Education, Training and Awareness Mobile Device Security Third Party Assurance Wireless Security Incident Management Configuration Management Business Continuity & Disaster Recovery Vulnerability Management Risk Management Network Protection Physical & Environmental Security Transmission Protection Data Protection & Privacy Password Management
  • 22.
    Get Ready Nowfor HITRUST 2017 | 22 MyCSF • Access to the CSF and authoritative source • Perform assessments • Reporting/Tracking compliance • Document remediation in Corrective Action Plan (CAPs) • Benchmarking
  • 23.
    Get Ready Nowfor HITRUST 2017 | 23 Implementation Levels • Generated by myCSF • Levels are 1, 2, and 3 • Level 1 in baseline, each additional level increases number of required controls • Adapted from NIST SP-800 series
  • 24.
    Get Ready Nowfor HITRUST 2017 | 24 Options 04
  • 25.
    Get Ready Nowfor HITRUST 2017 | 25 • Self Assessment • CSF Validated Assessment Types
  • 26.
    Get Ready Nowfor HITRUST 2017 | 26 • Self Assessment • CSF Validated Assessment Types
  • 27.
    Get Ready Nowfor HITRUST 2017 | 27 • Self Assessment – No validation – 3rd party can facilitate assessment – 3rd party can provide review and feedback Assessment Types
  • 28.
    Get Ready Nowfor HITRUST 2017 | 28 • Validated – HITRUST approved CSF Assessor – On-site fieldwork • Interviews • Technical testing Assessment Types
  • 29.
    Get Ready Nowfor HITRUST 2017 | 29 • Self-assessment • CSF Certified – Minimum maturity scoring of 3 in ALL assessment domains • CSF Validated – Minimum maturity rating of below 3 in ANY assessment domains Report Types
  • 30.
    Get Ready Nowfor HITRUST 2017 | 30 Steps to Certification 05
  • 31.
    Get Ready Nowfor HITRUST 2017 | 31 oneInitial Project Planning
  • 32.
    Get Ready Nowfor HITRUST 2017 | 32 • Executive support • Assignment of a main point of contact • Determining scope • Determining system boundaries • Communication with process owners Project Planning
  • 33.
    Get Ready Nowfor HITRUST 2017 | 33 twoOrganizational and System Scoping
  • 34.
    Get Ready Nowfor HITRUST 2017 | 34 • Location(s) • Application(s) • Device(s) • Regulatory requirement(s) • Third party service organization(s) Organizational and System Scoping
  • 35.
    Get Ready Nowfor HITRUST 2017 | 35 threeAssessment Preparation
  • 36.
    Get Ready Nowfor HITRUST 2017 | 36 • Project calendars • Evidence request lists • Identification of process owners • Interview scheduling Assessment Preparation
  • 37.
    Get Ready Nowfor HITRUST 2017 | 37 fourExamine Documentation and Practices
  • 38.
    Get Ready Nowfor HITRUST 2017 | 38 • Policy documents • Documented procedures • Processes Examine Documentation and Practices
  • 39.
    Get Ready Nowfor HITRUST 2017 | 39 fiveConduct Interviews
  • 40.
    Get Ready Nowfor HITRUST 2017 | 40 • Process owners • Verify process controls • Confirmation of evidence Conduct Interviews
  • 41.
    Get Ready Nowfor HITRUST 2017 | 41 sixPerform Review and Technical Testing
  • 42.
    Get Ready Nowfor HITRUST 2017 | 42 • Perform walkthroughs • Automated control configurations • Manual control sampling – HITRUST sampling methodology Perform Technical Testing
  • 43.
    Get Ready Nowfor HITRUST 2017 | 43 • Compliance scoring – Control requirement • Policy • Procedure • Implemented • Managed • Measured Review Technical Testing
  • 44.
    Get Ready Nowfor HITRUST 2017 | 44 • Compliance scoring – Control requirement • Policy • Procedure • Implemented • Managed • Measured Review Technical Testing – Maturity rating • Non-compliant (0%) • Somewhat compliant (25%) • Partially compliant (50%) • Mostly compliant (75%) • Fully compliant (100%)
  • 45.
    Get Ready Nowfor HITRUST 2017 | 45 • Compliance scoring example Review Technical Testing
  • 46.
    Get Ready Nowfor HITRUST 2017 | 46 sevenAlternate Control Identification and Selection
  • 47.
    Get Ready Nowfor HITRUST 2017 | 47 • Only if non-compliant CSF controls exist • Identify compensating controls • Residual compliance scoring Alternate Control Identification and Testing
  • 48.
    Get Ready Nowfor HITRUST 2017 | 48 eightReporting
  • 49.
    Get Ready Nowfor HITRUST 2017 | 49 • Prepare for submission to HITRUST – Assessor testing – Management representation letter – Remediation plans (CAPs) • HITRUST QA Review – 4 – 6 weeks Reporting
  • 50.
    Get Ready Nowfor HITRUST 2017 | 50 nineRemediation Tracking
  • 51.
    Get Ready Nowfor HITRUST 2017 | 51 • Corrective Action Plan (CAP) progress – CAP Owner – Implementation plan – Expected completion date • Residual risk score adjustments Remediation Tracking
  • 52.
    Get Ready Nowfor HITRUST 2017 | 52 The Certification Process 06
  • 53.
    Get Ready Nowfor HITRUST 2017 | 53 Issuing Certification
  • 54.
    Get Ready Nowfor HITRUST 2017 | 54 Issuing Certification
  • 55.
    Get Ready Nowfor HITRUST 2017 | 55 Issuing Certification
  • 56.
    Get Ready Nowfor HITRUST 2017 | 56 Issuing Certification
  • 57.
    Get Ready Nowfor HITRUST 2017 | 57 Issuing Certification • Valid 2 years – Annual review • Within 2 months following the 1-year anniversary • Continuous monitoring requirements – CAP remediation
  • 58.
    Get Ready Nowfor HITRUST 2017 | 58 LEARN MORE ABOUT HITRUST click here