Many business associates are finding themselves at a crossroads. Their health care clients are asking them to adopt the Health Information Trust (HITRUST) Common Security Framework (CSF) and demonstrate compliance through the HITRUST Assurance Program, yet they are already on the path of SOC 2 reporting. Or they may need to start the journey toward both destinations to satisfy the varied clients they serve. It’s a challenge that brings many questions and associated costs.
This whitepaper presents the key measures and corresponding activities business associates can expect to encounter along the path to HITRUST CSF certification. In addition, for those organizations taking the path to both HITRUST CSF and SOC 2, this paper offers key recommendations for converging efforts, weighing decisions, and creating efficiencies along the way.