Share This Post
On August 27, 2019, ESHA IT, facilitated a successful HITRUST Community Extension Program in New York city. Security and Technology professionals from organizations in healthcare, finance and technology attended the town hall. Michael Parisi, VP of Assurance Strategy & Community Development was the main speaker and he did a great job informing the attendees about HITRUST.
Lively discussions about the HITRUST process kept the event energetic. Real world examples and case studies helped attendees to see the benefits of becoming HITRUST certified.
John Langhauser, the co-founder of AdhereTech
John Langhauser, the co-founder of AdhereTech, explained how pursuing a HITRUST certification differentiated them from competitors. AdhereTech provides software that uses smart pill bottles to provide patient support. They have found that being a HITRUST certified company in the healthcare industry has simplified their security conversations with potential customers.
Live demo of MyCSF® scoping exercise
Pete Niner, one of our HITRUST CSF Practitioners, conducted a live scoping exercise using the My CSF tool. He also provided a case study of a client benefited from the scoping exercise despite challenges.
Pete recommended that the scope of the HITRUST Assessment be made very clear and as minimal as possible. Companies should ensure that legal and compliance obligations should be precisely scoped and only included if required.
Key Points from Michael Parisi
The main objective of the CEP event was to promote awareness of the HITRUST process while promoting the benefits of the certification.
Michael Parisi spoke about the journey to certification, the types of assessments and products such as the HITRUST Threat Catalogue, Assurance Program and the Shared Responsibility program.
In addition to answering questions from the audience, Michael Parisi stressed the importance of performing a risk analysis before starting the HITRUST framework. A few people had concerns about the procedures used by assessors during the process. Michael assured them that every audit is reviewed by HITRUST and that all assessors are held to the strict guidelines of the process.
HITRUST has seen an increase in adoption of the HITRUST CSF outside of the healthcare and public health sector – and internationally.Future plans for the HITRUST Alliance include:
- Launching HITRUST CSF v10 in 2020
- They plan on providing services for GDPR certifications.
- HITRUST VC Council will be launched later this year.
- HITRUST is working with the FAIR Institute to create a threat catalogue to help with risk management.
Simplifying the Readiness Assessment
Premal Parikh, Managing Director of ESHA IT, shared the HITRUST certification methodology that his team uses to assist their clients to achieve certification. He focused on the pros and cons of doing a readiness assessment without the aid of a HITRUST Practitioner. He explained how guidance from an experienced assessor during the self-assessment increases the quality of the validated assessment.
“Participating in this HITRUST CEP was a great experience. It was an opportunity to share lessons learned with people in our industry to help them understand the complexities of HITRUST and risk management. We plan on partnering with HITRUST again in 2020 to produce more of these events throughout the United States.”
– Premal Parikh
We encourage people who are interested in this certification to take advantage of this free opportunity. It’s a great way to learn all you can about HITRUST to simplify the process and effectively implement the procedures in your programs.
As authorized HITRUST CSF experts, ESHA IT has experienced practitioners that are prepared to answer any questions you have about HITRUST. Contact us if you would like to see the presentations from this event or if you have any questions.