HITRUST Compliance Checklist

This task involves identifying all systems and data within the organization that handle Protected Health Information (PHI). The goal is to have a comprehensive understanding of where PHI is stored, transmitted, and accessed. By completing this task, we can ensure that appropriate security measures are in place to protect PHI and comply with HITRUST requirements. Are you aware of all the systems and data that handle PHI within your organization?

This task involves evaluating the existing security controls and practices in place within the organization. The purpose is to assess the effectiveness of the current controls and identify any areas that require improvement to meet HITRUST compliance. By completing this task, we can ensure that our security controls are aligned with best practices and provide adequate protection for PHI. What security controls and practices are currently implemented within your organization?

In this task, we will identify any gaps in compliance with HITRUST requirements. By reviewing the evaluation results from the previous task, we can identify areas where our organization falls short of meeting the necessary security standards. The goal is to understand the specific areas that need improvement and develop targeted strategies to address them. Have you identified any gaps in compliance with HITRUST requirements?

This task involves creating a risk management plan to address the identified gaps in compliance. The risk management plan will outline specific actions, responsibilities, and timelines for mitigating the identified risks. By completing this task, we can ensure that we have a structured approach to managing risks and achieving HITRUST compliance. What actions and strategies will be included in the risk management plan?

In this task, we will implement the necessary security controls and practices to address the identified gaps in compliance. By putting in place the recommended measures, we can strengthen our security posture and ensure that PHI is adequately protected. Are you ready to implement the security controls and practices needed to address the identified gaps?

This task involves providing training to employees on HIPAA/HITRUST requirements and company policies. The goal is to ensure that all employees are aware of their responsibilities in handling PHI and are knowledgeable about the necessary security measures. By completing this task, we can reduce the risk of human error and ensure a culture of compliance within the organization. What training methods and resources will be used to educate employees?

This task involves conducting regular system and security audits to assess the effectiveness of the implemented security controls and practices. By regularly auditing these systems and practices, we can identify any potential vulnerabilities or non-compliance issues and take prompt action to address them. How often will system and security audits be conducted?

This task requires establishing a procedure for responding to security incidents involving PHI. The procedure should outline the steps to be taken in the event of a security breach or incident, including incident notification, containment, investigation, and recovery. By having a well-defined procedure in place, we can minimize the impact of security incidents and ensure a swift and effective response. Have you established a procedure for responding to security incidents?

This task involves maintaining documentation of all compliance efforts related to HITRUST requirements. By keeping thorough and up-to-date documentation, we can demonstrate our commitment to compliance and provide evidence of our efforts to protect PHI. What documentation will be maintained?

This task requires validating HITRUST compliance with an independent assessment. The assessment will evaluate the organization's adherence to HITRUST requirements and determine if any non-compliance issues exist. By completing this task, we can obtain an objective assessment of our compliance status and identify areas that may require remediation. Have you scheduled an independent assessment for HITRUST compliance validation?

This task involves remedying any issues or non-compliance findings identified in the independent assessment. By addressing these issues promptly and effectively, we can ensure that the organization achieves full compliance with HITRUST requirements. What action will be taken to remediate the identified issues?

This task requires submitting the documentation and assessment results to HITRUST for review and approval. By submitting these materials, we seek HITRUST's validation of our compliance efforts and confirmation of our adherence to their requirements. What documentation and assessment results will be submitted to HITRUST?

This task involves rescanning and reassessing compliance annually to ensure continuous adherence to HITRUST requirements. By conducting regular reassessments, we can identify any changes or new risks that may impact compliance and take appropriate measures to address them. When will the annual rescan and reassessment be conducted?

This task requires acting upon feedback and recommendations received from HITRUST after the review of documentation and assessment results. By addressing these recommendations and implementing any necessary changes, we can continuously improve our compliance efforts and strengthen our security controls. How will feedback and recommendations from HITRUST be addressed?