HITRUST to Ensure CSF Continues to Align and Secure the Healthcare Industry into the Future

HITRUST CSF Advisory Council enhances industry alignment and outreach by engaging key standards and trade organizations

FRISCO, Texas--()--HITRUST announced today the expansion of the HITRUST CSF Advisory Council with the addition of key standards and trade associations in order to communicate the broader healthcare industry needs and increase outreach. The HITRUST CSF Advisory Council coordinates with HITRUST to maintain and improve the HITRUST CSF, ensuring it is aligned with and continues to meet the dynamic information protection requirements of the healthcare industry.

Council members actively advise and make recommendations to HITRUST with respect to the structure and content of the HITRUST CSF and CSF Assurance Program based on their various areas of subject matter expertise and experience, as well as the expertise and experience of their respective constituencies and other stakeholders. With today’s expansion, the HITRUST CSF seeks input and consensus from every healthcare sector where risk management is relevant and ensures that voluntary-industry led privacy and security standards meet the needs of members, patients and practitioners.

The following health industry standards and trade organizations are now members of the HITRUST CSF Advisory Council:

  • America’s Health Insurance Plans (AHIP)
  • American Hospital Association (AHA)
  • American Medical Association (AMA)
  • American Medical Group Association (AMGA)
  • Electronic Healthcare Network Accreditation Commission (EHNAC)
  • Texas Medical Association (TMA)

The HITRUST CSF Advisory Council helps ensure the HITRUST CSF continues to be the most widely adopted information risk management framework in the healthcare industry and the foundation for the health and public health implementation guidance for the NIST Cybersecurity Framework. The HITRUST CSF Advisory Council will ensure the HITRUST CSF meets the demands of today’s healthcare industry while leading the program into the future as the healthcare industry continues to grow and mature.

“Having been engaged with HITRUST over the past year - communicating requirements, evaluating draft HITRUST CSF updates for usability, and providing feedback to ensure the CSF addresses the needs of physician practices including smaller ones like mine - I am pleased about the opportunity to formally represent the broader physician community in guiding the HITRUST CSF development,” said James Stefan Walker, MD, practicing physician and Texas Medical Association HIT committee member.

HITRUST updates the CSF no less than annually, incorporating changes deemed appropriate to ensure it efficiently and effectively addresses the information privacy and security risks in today’s dynamic operational and threat environment, while also maintaining the numerous authoritative sources harmonized within it. To help ensure the efficacy and relevancy of those changes, HITRUST actively solicits input from the industry on potential changes and updates to the framework, in addition to comments on those changes implemented with each new release of the HITRUST CSF.

“Given the widespread reliance on the HITRUST CSF by the healthcare industry and its business associates, HITRUST believes expanding the process for soliciting input and engaging in outreach will ensure the HITRUST CSF and CSF Assurance programs continue to meet the goals for an industry-led security and privacy framework both today and into the future,” said Daniel Nutkis, CEO, HITRUST.

A complete list of CSF Advisory Council members can be found at https://hitrustalliance.net/councils/.


Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information.

HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection.

For more information, visit http://www.HITRUSTalliance.net.


Kesselring Communications for HITRUST
Leslie Kesselring, +1-503-358-1012
leslie@kesscomm.com or pr@HITRUSTalliance.net

Release Summary

HITRUST expands HITRUST CSF Advisory Council with the addition of key healthcare standards and trade associations to meet the dynamic information protection requirements of the healthcare industry.


Kesselring Communications for HITRUST
Leslie Kesselring, +1-503-358-1012
leslie@kesscomm.com or pr@HITRUSTalliance.net