Where is HITRUST?

HITRUST has specifically asked us NOT to review their materials.

They are opaque and do not want any outside review of their controls. They specifically do not want organizations that use HITRUST to know where their controls have gaps with the actual laws and rules related to health care and personal information.

Until they request outside review (like Cloud Security Alliance, Shared Assessments, ISF, and many others), they will not be mapped to the UCF.

If there are specific documents that HITRUST covers that you would like added to the UCF, please submit a request.

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.