HITRUST and Risk Assessment

When your company considers a HITRUST assessment, it's important to note that a risk assessment is a core conceit of the HITRUST assessment itself. There are four or five requirements that absolutely require a risk assessment for your organization that is organizational wide, comprehensive, and includes all of the security controls noted in the HITRUST CSF. It’s a common mistake to believe that because the HITRUST CSF is risk based and your organization is using it to drive your compliance standards that you’ve performed your risk assessment simply by bringing the CSF in. Nothing could be further from the truth. You actually must perform a common risk assessment for your organization as a function of HITRUST CSF compliance. 

Related Videos