HIPAA Security Rule Compliance utilizing the HITRUST MyCSF

HIPAA Security Rule Compliance utilizing the HITRUST MyCSF


As a Covered Entity or Business Associate working with Protected Health Information, your organization is required to achieve HIPAA Security Rule Compliance.

Keith S. Crumpton, President of CISO Consulting, is a certified HITRUST MyCSF Practitioner and can facilitate an organization’s effort to achieve HIPAA Security Rule Compliance utilizing the HITRUST Common Security Framework (MyCSF).

Per the HITRUST website,

“The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.

HITRUST, in collaboration with healthcare, business, technology and information security leaders, has establish the HITRUST MyCSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.”

The HITRUST MyCSF is an industry-recognized framework that provides:

  • A consistent and efficient method for determining your level of compliance with HIPAA requirements,
  • A method for tracking progress towards remediation,
  • A process for evidence gathering to demonstrate your compliance, and
  • Assurances to your customers and Board of Directors of your regulatory compliance.

The HITRUST self-assessment process prepares you for validation as being HIPAA compliant.  CISO Consulting can also assist with the actual HITRUST Validated Assessment process.

If you do not have security policies or processes, CISO Consulting can create them for/with you customized for your specific environment.

To discuss your HIPAA compliance requirements, give CISO Consulting a call at 617-506-1244 or email Keith Crumpton directly at ksc@cisoconsulting.com.