Trust and Transparency Solutions: How vendors serving companies in the healthcare industry are providing third party assurance

June 2016


The HIPAA Final Omnibus Rule passed in 2013 reaches beyond traditional healthcare payers and providers to any vendor operating along the healthcare continuum. Recently, several of the largest global healthcare payers established a mandate requiring their vendors to obtain a Health Information Trust (HITRUST) Alliance certification by 2017.

This report outlines the new HITRUST mandate, the HITRUST Common Security Framework (CSF) and how companies operating in the healthcare industry are providing third party assurance.


HIPAA compliance is now truly an industry-agnostic issue.

The HITRUST "assess once, report many" Common Security Framework (CSF) allows an organization to streamline its efforts to comply with numerous federal, statutory and other healthcare regulations.

Benefits of adopting an integrated CSF include:

  • Integration of a multitude of federal and state rules and regulations
  • Industry-leading practices on information security and privacy are already integrated
  • The framework is both recognized, and respected across the industry

Contact us

Todd Bialick
Trust and Transparency Solutions Leader, PwC US
Tel: +1 (973) 236 4902

Kevin O'Connell
Partner, US Trust and Transparency Solutions Financial Services Leader, PwC US
Tel: +1 (617) 530 7785

Follow us