HITRUST Academy: Training for Practitioners
HITRUST Training for Practitioners educates healthcare information security and privacy professionals about protected health information (PHI) and information security requirements, and equips attendees to implement the HITRUST Common Security Framework (CSF) and prepare for and conduct assessments.
With a delivery approach that combines online and onsite sessions, the course provides attendees with the most up-to-date information needed to develop and maintain effective security programs and prepares them to address and assess against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
The course includes two sessions:
Session 1: Understanding the healthcare landscape, critical security risks, market dynamics, risk management and CSF Assurance Program
Content is delivered at the participant’s convenience via an online learning management system and takes approximately eight hours to complete.
Topics include:
- Introduction to HITRUST and the Common Security Framework (CSF)
- Overview of the industry, including key players and how they interconnect
- Analysis and discussion of trends in the industry relating to privacy and security (e.g., challenges and constraints, top concerns and initiatives)
- Overview of the regulatory landscape that affects healthcare organizations (e.g., compliance agencies, standards, regulations)
- Review of market dynamics and the challenges facing healthcare
- Discussion of risk management and its relation to the CSF
- Review of the CSF Assurance Program
Session 2: Utilizing the CSF and CSF Assurance Program
Content is delivered by an instructor in a classroom setting in Frisco, Texas, and features case studies, hands-on learning and real-world application of the curriculum1. The onsite session requires a total of three days, with two days for classroom instruction and one day dedicated to the Practitioner Exam.
Topics include:
- Thorough review of the structure of the CSF, including the control objectives, multiple levels of implementation requirements, risk factors and authoritative sources cross referenced
- Detailed explanation of the CSF Assurance Kit, including a review of each component and case studies with hands-on use of each component
- Overview of the CSF Assurance Program as a means of managing and communicating security internally and with third parties (e.g., business associates, customers, vendors)
- Introduction to the tools and methodology for utilizing the CSF
- Discussion of best practices for adoption and performing an assessment
- Explanation of the differences between CSF Validated and CSF Certified and the value to an organization
- A review of the requirements for CSF certification
The course is recommended for any security professional from a healthcare organization planning to implement the CSF and prepare for a self, remote or onsite assessment. This course is also required for individuals working as part of a HITRUST CSF Assessor organization who wish to provide HITRUST and CSF-related services. Attendees must pass the Practitioner Exam delivered on the final day of the course in order to become practitioner certified2.
Participants are eligible for CPE credit as approved by the National Association of State Boards of Accountancy (NASBA). The cost of the course, including the exam, is $3,000 per individual.
Schedule and Registration
Students have six months to complete the entire course with the online session and three-day onsite instructor-led curriculum and exam. Session 1 must be completed 90 days from date of purchase and must complete Session 2 within 90 days of completing Session 1. Onsite sessions for Session 2 are scheduled on a regular basis throughout the year. View the schedule or email education@HITRUSTalliance.net with any questions.
1 Participants should come equipped with a personal computer running a Windows Operating System, preferably with Microsoft Excel version 2007 or later.
2 Perspective practitioners should note that HITRUST specifies a number of requirements for maintaining the CSF Practitioner designation. HITRUST only mandates these requirements for CSF Assessors, however, should an individual who is not a member of a CSF Assessor's workforce wish to maintain the CSF Practitioner designation, we strongly recommend reviewing Section 3 of the CSF Assessor Requirements.
