Organizations seeking to align their controls to the HITRUST framework can spend significant amounts of time and resources making it happen. And no wonder, when the potential benefits of HITRUST alignment and certification can be significant. Obtaining an independent, third-party assessment over the maturity of information security controls to safeguard protected health information (PHI) builds customer trust.
Once a vendor’s initial efforts toward certification are complete, however, it’s not uncommon for them to become complacent, neglecting to implement ongoing measures to continuously monitor their compliance status.
HITRUST certification is not a one-shot deal. Companies must continually track updates to the HITRUST framework to keep risk and compliance issues in check and avoid incurring high costs. This publication serves as a guide to the best practices for pre- and post-certification monitoring: