HITRUST Central™
The HITRUST Common Security Framework (CSF) provides the foundation for HITRUST Central, a managed, online community that is designed to be a resource for healthcare information security professionals who wish to more efficiently and cost effectively enhance the security of their organizations, comply with standards and regulations and collaborate with industry peers.
Through HITRUST Central, organizations can:
- Access the Common Security Framework (CSF)
- Utilize the CSF Assurance Kit for performing self assessments or undergoing an assessment by a HITRUST CSF Assessor
- Conduct a self assessment for becoming CSF Validated
- Explore the HITRUST CSF Products and Services Guide, an online tool that simplifies the process for identifying products or services both within and independent of the CSF to aid in remediation and overall compliance efforts
- Collaborate and share experiences with peers through blogs and forums
- Download documentation and training materials
- Request support
- Learn about and submit alternate controls
It is only through registering for a HITRUST Central subscription that individuals can access the CSF. Individuals from qualified organizations* can register to receive a Standard subscription at no charge by visiting HITRUST Central. Access to the online, interactive version of the CSF, authoritative sources and the CSF Assessment Kit is available only through a paid subscription.
Subscription levels include:
| Description | |||
| Available | Qualified Organization | Qualified Organization | Non-qualified Organization |
| Common Security Framework (CSF) | PDF download | PDF download and Online access | PDF download and Online access |
| CSF Assurance Kit |  | | |
| CSF Authoritative Sources & updates | |||
| HIPAA - Including HITECH | | | |
| NIST | | | |
| ISO | | | |
| PCI | | | |
| FTC | | | |
| CMS | | | |
| COBIT | | | |
| New sources | | | |
| Security Configuration Packs | | | |
| Customer Support | Submit up to 10 questions annually | Submit up to 10 questions annually | |
| CSF Products and Services Guide | | | |
| Forums | | | |
| Blogs | | | |
| CSF Alternate Controls | Forum only | Forum and online | Forum and online |
| Working Group Participation | CSF commenting only | CSF and other programs | CSF and other programs |
| Integrated Third-Party Services | Dependant on service | Dependant on service | Dependant on service |
| Annual subscription fee | No charge | $5,500 | $10,000** |
 |
 |
| |
* A qualified organization is any organization employing a function or activity involving the use or disclosure of individually identifiable health information, provided that said organization does not provide technology or security products or services. Additionally, any federal, state, or local agency or department may qualify for a Standard subscription. HITRUST has the right to verify eligibility.
** Includes one seat in HITRUST Training for Practitioners.
