Why HITRUST, Part 1

Posted February 16, 2023 by Gretchen Reeves and Adam Cole ‐ 3 min read

This blog series explains the reasons why LifeOmic chose to use HITRUST CSF, which is a widely recognized and comprehensive framework for managing information security risk.

LifeOmic, a genomics company, adopted the HITRUST CSF information risk management framework to protect their data and information systems. This blog series explains the reasons why LifeOmic chose to use HITRUST, which is a widely recognized and comprehensive framework for managing information security risk.

One of the main reasons why LifeOmic decided to adopt HITRUST is that the framework prioritizes integrated security safeguards that are derived from multiple regulatory requirements applicable to U.S. healthcare, privacy, and generally accepted information security standards best practices. This is important for LifeOmic because they operate in the healthcare market and must adhere to strict regulatory requirements. HITRUST was specifically designed with healthcare in mind, making it a natural choice for LifeOmic’s mission.

Another factor that made HITRUST attractive to LifeOmic is that the framework is updated no less than annually. This ensures that it remains relevant and up-to-date with the latest federal and state legislation and regulations. In contrast, other frameworks such as ISO/IEC 27001 and NIST SP 8000-53 are updated less frequently, which means that they may not always represent the most current security practices.

HITRUST ongoing enhancements and maintenance provide continuing value to healthcare organizations like LifeOmic. The framework allows LifeOmic to focus on what really matters - their customers - rather than having to integrate and tailor multiple redundant requirements and best practices into their own framework. By using HITRUST, LifeOmic can be confident that they are following the latest industry best practices for information security.

Another reason why LifeOmic chose HITRUST CSF over ISO/IEC 27001 is that the framework offers a prescriptive framework based on international and domestic standards that can be scaled to meet an organization’s needs. This is particularly important for a growing company like LifeOmic, which needs a framework that can adapt to their changing needs. HITRUST achieves a consistent level of protection by implementing three levels in the scope of organizational and system risk factors. In contrast, ISO/IEC 27001 allows each organization to select controls with little to no oversight, which can result in inconsistencies in how controls are implemented across different organizations.

Another key advantage of HITRUST is that it can be tailored to meet an organization’s unique position. The framework incorporates managed tailoring, which ensures consistent application of information security, interpretations of security, and compliance risk across multiple organizations. This is important for LifeOmic, which operates in a highly regulated industry and must adhere to strict standards.

To summarize, LifeOmic chose to use the HITRUST CSF framework because of the comprehensive set of security controls that are tailored to the healthcare industry, and it is updated frequently enough to reflect the latest industry best practices. By using HITRUST CSF, LifeOmic is confident in the steps taken to protect your data and information from cyber threats.