Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Uploaded by schellman-company
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
HITRUST: Navigating to 2017 Your Map to HITRUST Certification
Contents
01. Background / Overview
02. CSF Expansion
03. The CSF Framework
04. Scope and Approach
05. Options
06. Steps to Certification
07. Process
08. Mapping
Background & Overview 01
Security and privacy are everyone's responsibility
HITRUST Overview
• Began in 2007
• Meet demand of healthcare challenges
  – Inconsistency
  – Inefficiencies
  – Increasing cost
  – Increasing risk
HITRUST CSF – Multiple Req’ts
HITRUST CSF – One Program
HITRUST CSF
HITRUST CSF – Assess Once

Security gateways (e.g., a firewall) shall be used between the internal network, external networks (Internet and 3rd party networks), and any demilitarized zone (DMZ). An internal network perimeter shall be implemented by installing a secure gateway (e.g., a firewall) between two interconnected networks to control access and information flow between the two domains. This gateway shall be capable of enforcing security policies, be configured to filter traffic between these domains, and block unauthorized access in accordance with the organization's access control policy. Wireless networks shall be segregated networks from internal and private networks. The organization shall require a firewall between any wireless network and the covered information systems environment.

• CSA CCM SA-08
• HIPAA § 164.308(a)(3)(ii)(A)
• HIPAA § 164.308(a)(3)(ii)(B)
• HIPAA § 164.310(b)
• IRS Pub 1075 9.4.10
• PCI DSS 1.1
• PCI DSS 1.1.4
• 1 TAC § 390.2(a)(1)
HITRUST CSF – Report Many
HITRUST Now
• 83% of hospitals
• 82% of health plans
• 23,000 Common Security Framework (CSF) Assessments (2012, 2013, 2014)
CSF Expansion 02
Announcement
Overview of Expansion
• CSF Certification
• Anthem/Cigna, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group
Significance
• Effective security and privacy practices
Why the Expansion?
• Increasing cyber threats
• Significance of Business Associates
• Interconnection of healthcare industry
• Beyond HIPAA
• Minimize the duplication, costs and inefficiencies
Mandatory?
YES! (For Business Associates)
7,500
24 months
Overview of the Common Security Framework 03
CSF Overview
• CSF
  – Defined set of requirements
  – Prescriptive requirements
  – Meet the challenges in healthcare security
  – Secure protected health information
Overview of the CSF
• ISO 27001
• PCI-DSS
• HIPAA/HITECH
• Meaningful Use
• NIST 800-53
• FTC Red Flags
• CMS
• Privacy Laws
Organization of the CSF
• Establishes a single benchmark
• Increases trust and transparency
• Obtains industry consensus
CSF and Privacy
• CSF version 7
  – Inclusion of privacy
  – Satisfy health care regulations in Texas (SECURETexas)
Purpose & Scope 04
Purpose
• Harmonizes privacy and security standards
• Establishes framework of controls
• Build trust and assurance
• Highlights credibility
Purpose
• Effectively meet the security objectives
  – Examining
  – Interviewing
  – Testing
Define Scope
• Entire organization environment
• Segmented portions
  – Single location
  – Single business unit
  – Single application
• Covered information
Define Scope
• Assessment options
  – Security Assessment
  – Security & Privacy Assessment
  – Comprehensive Security Assessment
  – Comprehensive Security & Privacy Assessment
  – NIST Cyber Security Assessment
Scope of CSF
• Assessment factors
  – Organizational factors
  – System factors
  – Regulatory factors
Scope of CSF
• 14 control categories
  – 13 for Security
  – 1 for Privacy
• 46 control objectives
• 149 control specifications
  – Grouped within 19 assessment domains
Scope of CSF
CSF Assessment Domains
• Information Protection Program
• Access Control
• Endpoint Protection
• Audit Logging & Monitoring
• Portable Media Security
• Education, Training and Awareness
• Mobile Device Security
• Third Party Assurance
• Wireless Security
• Incident Management
• Configuration Management
• Business Continuity & Disaster Recovery
• Vulnerability Management
• Risk Management
• Network Protection
• Physical & Environmental Security
• Transmission Protection
• Data Protection & Privacy
• Password Management
MyCSF
• Access to the CSF and authoritative source
• Perform assessments
• Reporting/Tracking compliance
• Document remediation in Corrective Action Plans (CAPs)
• Benchmarking
Options 05
Assessment Types
• Self Assessment
• CSF Validated
Assessment Types
• Self Assessment
  – No validation
  – 3rd party can facilitate assessment
  – 3rd party can provide review and feedback
Assessment Types
• Validated
  – HITRUST approved CSF Assessor
  – On-site fieldwork
    • Interviews
    • Technical testing
Report Types
• Self-assessment
• CSF Validated
  – Minimum maturity rating of 3+ on a majority of assessment domains
• CSF Certified
  – Minimum maturity rating of 3+ for ALL assessment domains
Steps to Certification 06
Step one: Initial Project Planning
Project Planning
• Executive support
• Determining scope
• Determining system boundaries
• Communication with process owners
Step two: Organizational and System Scoping
Organizational and System Scoping
• Location(s)
• Application(s)
• Device(s)
• Regulatory requirement(s)
• System boundaries
Step three: Assessment Preparation
Assessment Preparation
• Project calendars
• Evidence request lists
Step four: Examine Documentation and Practices
Examine Documentation and Practices
• Policy documents
• Documented procedures
• Processes
Step five: Conduct Interviews
Conduct Interviews
• Process owners
• Verify process controls
• Confirmation of evidence
Step six: Perform and Review Technical Testing
Perform Technical Testing
• Automated control configurations
• Manual control sampling
  – HITRUST sampling methodology
Review Technical Testing
• Compliance scoring
  – Control requirement
    • Policy
    • Procedure
    • Implemented
    • Managed
    • Measured
  – Maturity rating
    • Non-compliant (0%)
    • Somewhat compliant (25%)
    • Partially compliant (50%)
    • Mostly compliant (75%)
    • Fully compliant (100%)
Review Technical Testing
• Compliance scoring example
Step seven: Alternate Control Identification and Selection
Alternate Control Identification and Testing
• Only if non-compliant CSF controls exist
• Identify compensating controls
• Residual compliance scoring
Step eight: Reporting
Reporting
• Prepare for submission to HITRUST
  – Assessor testing
  – Management representation letter
  – Remediation plans (CAPs)
• HITRUST QA Review
  – 4 – 6 weeks
Step nine: Remediation Tracking
Remediation Tracking
• Corrective Action Plan (CAP) progress
  – CAP Owner
  – Implementation plan
  – Expected completion date
• Residual risk score adjustments
The Certification Process 07
Issuing Certification
• Valid 2 years
  – Annual review
    • Within 2 months following the 1-year anniversary
• Continuous monitoring requirements
  – CAP remediation
Mapping to Other Standards 08
Other Standards
• HIPAA
• ISO 27001
• PCI
• NIST / CMS ARS
• Meaningful Use
• SOC 2
Join Us Next Time
Surviving a Security Assessment
October 9, 2015
brightline.com/webinars