HITRUST has specifically asked the UCF Team NOT to review their materials.
They are opaque and do not want any outside review of their controls. They specifically do not want organizations that use HITRUST to know where their controls have gaps with the existing laws and rules related to health care and personal information.
Until they request outside review (like Cloud Security Alliance, Shared Assessments, ISF, and many others), they will not be mapped to the UCF.
If there are specific documents that HITRUST covers that you would like added to the UCF, you can submit and vote on Authority Documents requests HERE.
Or Contact our support team by submitting support a request.
For more information on Authority Document prioritization and requests, check our FAQ article How does Unified Compliance determine which documents to map?
Please sign in to leave a comment.