Why we include HITRUST
HITRUST CSF provides a prescriptive set of controls that meets the requirements not only of HIPAA but of other security standards such as PCI and NIST 800-53 v.4. HITRUST builds on HIPAA, a non-prescriptive compliance framework, and creates a standardized compliance framework, assessment, and certification process for the healthcare industry. HITRUST CSF certification is a much more rigorous process than a HIPAA audit, with a higher burden of proof placed on the organization seeking certification. That is why Project Hosts provides not only a HIPAA compliant cloud but a HITRUST certified cloud environment to host your data, workloads and applications.

HIPAA
- Self attestation
- Compliant through ISO audit
- Not Updated (Stagnant)
- Not very prescriptive – Example: passwords – (password rules are not mandated)

HITRUST
- Official certification
- Audited by HITRUST certified auditors
- Continually updated
- Prescriptive – Example: passwords – (Minimum length: 8 characters; Complexity: 3 out of 4 character types; Change requires 4 changed characters; Password expiration: every 60 days; Reuse: can't use last 6 passwords; etc.)
As a result, many Providers, Payers and other covered entities are requiring HITRUST.
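To make the difference between a non-mandated rule and a prescriptive one concrete, here is an added example (not Project Hosts' code, and not HITRUST's) that enforces the five password parameters listed above as a checker a provisioning or password-change service could call. The numeric limits are taken from the list on this page; the function names, the PBKDF2-based history store, the reading of "4 changed characters" as four characters of the new password not present in the old one, and the sample passwords are all assumptions made for the example.

```python
"""Password-policy checker modelled on the HITRUST CSF password parameters quoted above.

Added example, not Project Hosts' or HITRUST's code. The numeric limits come from the page;
the function names, the history-hashing scheme, the 'changed characters' interpretation and
the sample passwords are assumptions for illustration.
"""
import hashlib
import hmac
import os
from collections import Counter
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Policy values as listed on the page.
MIN_LENGTH = 8
MIN_CHAR_CLASSES = 3      # out of 4: lowercase, uppercase, digit, other
MIN_CHANGED_CHARS = 4
MAX_AGE_DAYS = 60
HISTORY_DEPTH = 6

PBKDF2_ITERATIONS = 50_000  # demo setting; production deployments tune this upward

HashEntry = Tuple[bytes, bytes]  # (salt, digest)


def count_char_classes(pw: str) -> int:
    """Number of the four character classes (lower, upper, digit, other) present in pw."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for check in checks if any(check(c) for c in pw))


def changed_chars(old: str, new: str) -> int:
    """Characters of the new password not accounted for by the old one (multiset difference).

    Assumed interpretation of 'change requires 4 changed characters'; other products count
    differing positions instead.
    """
    return sum((Counter(new) - Counter(old)).values())


def hash_password(pw: str, salt: Optional[bytes] = None) -> HashEntry:
    """Salted PBKDF2-HMAC-SHA256 digest, the form in which password history is stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def build_history(passwords: List[str]) -> List[HashEntry]:
    """Hash a chronological list of previous passwords (oldest first)."""
    return [hash_password(p) for p in passwords]


def in_history(pw: str, history: List[HashEntry]) -> bool:
    """True if pw matches any of the last HISTORY_DEPTH stored (salt, digest) pairs."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(pw, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def password_expired(last_changed: datetime, now: datetime) -> bool:
    """Expiration rule: a password older than MAX_AGE_DAYS must be changed."""
    return now - last_changed > timedelta(days=MAX_AGE_DAYS)


def check_new_password(new: str, current: str, history: List[HashEntry]) -> List[str]:
    """Return the policy violations for a proposed password; an empty list means accepted.

    `current` is the cleartext the user supplies at change time, which is the only point at
    which the changed-character rule can be evaluated; reuse is checked against hashes only.
    """
    violations = []
    if len(new) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if count_char_classes(new) < MIN_CHAR_CLASSES:
        violations.append(f"fewer than {MIN_CHAR_CLASSES} of 4 character types")
    if changed_chars(current, new) < MIN_CHANGED_CHARS:
        violations.append(f"fewer than {MIN_CHANGED_CHARS} changed characters")
    if in_history(new, history):
        violations.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return violations


if __name__ == "__main__":
    # Constructed sample account: seven previous passwords, newest last.
    previous = ["Ancient7#", "OldPass1!", "OldPass2!", "OldPass3!",
                "OldPass4!", "OldPass5!", "Summer2023!"]
    hist = build_history(previous)
    for candidate in ["Summer2024!", "Winter2024?", "OldPass1!", "Ancient7#", "abc"]:
        print(candidate, "->", check_new_password(candidate, previous[-1], hist) or "accepted")
    print("expired:", password_expired(datetime(2024, 1, 1), datetime(2024, 3, 2)))
```

Note that the history slice keeps only the last six entries, so the seventh-oldest password ("Ancient7#" in the constructed sample) is accepted again while "OldPass1!" is still refused; the changed-character rule catches the common one-digit increment ("Summer2023!" to "Summer2024!") that length and complexity checks alone would pass.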