Ask Our VP of Compliance: July 2018

"HIPAA Compliance & HITRUST Common Security Framework”

In recent years, security breaches in the healthcare industry have become a lot more prevalent. The rise in data privacy violations, specifically infringements on the security of ePHIs (electronic Protected Health Information), has put millions of health records at risk. Surely, private data such as health information must always stay protected from unauthorized exposure, which is why HIPAA compliance and HITRUST CSF are so important. Digital Edge's VP of Compliance answers some key questions regarding HIPAA and HITRUST CSF!


What is the difference between HIPAA and HITRUST CSF?

Although both HIPAA and HITRUST are related in their purpose to protect ePHIs and healthcare data, it must be made clear that they are not the same thing.


HIPAA, or the Health Insurance Portability and Accountability Act, was passed to set the standards for the protection of sensitive healthcare information. It involves setting administrative, technical, and physical safeguards for the security of data.


HITRUST CSF, also known as the Health Information Trust Alliance Common Security Framework, was released more recently as a framework for the protection of private data. HITRUST has more specific standards than HIPAA, and clears up the vague guidelines which HIPAA sets.


Organizations can become HITRUST certified by meeting certain requirements. Meanwhile, HIPAA certifications do not exist, often leaving organizations unsure of their compliance. It is important for businesses to become certified so that they know they have met all requirements for the safety of the healthcare information that they possess.

Ask Our VP of Compliance: July 2018




If I am HITRUST CSF certified, does that make me HIPAA-compliant?

Short answer: YES.


Long Answer: HITRUST CSF can be used as a clear and industry-managed approach to meeting HIPAA requirements for the Security and Breach Notification rules. The HITRUST CSF translates HIPAA requirements into an actionable roadmap that is cross-referenced to other security and data privacy regulations. In this way, organizations can develop controls to manage compliance across a broad range of regulatory requirements. Their risk is reduced; so is their compliance complexity and cost. It’s one simplified compliance process that covers a range of needs.

Because no true formal HIPAA status exists, it’s just not possible to claim that you’ve been verified as “certified HIPAA-compliant.” Yet HITRUST offers a third-party assessment that can attest that your organization has met the relevant requirements within the CSF.


How many organizations have adopted the CSF?

The HITRUST CSF is the most widely adopted security framework in the healthcare industry: 83 percent of hospitals and 82 percent of health plans with over 500,000 members have adopted the framework.


How can Digital Edge help?

Don’t wait until it’s too late. Tomorrow starts now! Establish a credible HIPAA compliance program aligned with the HITRUST CSF. Prioritize the completion of HITRUST certification. Applying the HITRUST CSF to address HIPAA mandates requires the following key steps:

  1. Integrate the HITRUST Risk Management Framework into your information protection program.
  2. Conduct a comprehensive HITRUST CSF Self-Assessment.
  3. Perform HITRUST CSF Validation and Certification.
  4. Manage and maintain HITRUST CSF Certification‒ Continually

Digital Edge is an expert in HITRUST CSF and HIPAA standards. Our team will help to implement policies, standards and practices to cover all HITRUST CSF & HIPAA requirements based on HITRUST CSF framework.


Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance


If many of you still have questions - And we want to help as much as possible, so, feel free to contact myself at or to our Cyber Security Compliance team at

Danielle Johnsen
VP of Compliance

Danielle V. Johnsen joined the Digital Edge team in 2015 as the VP of Compliance.  With a passion for information security and organizational compliance, Danielle’s vision is to enable collaboration between 'The Business' and Information Technology, thus creating common objectives and outcomes that benefit the organization, while staying in compliance with all regulatory bodies and companywide policies. Specializing in security frameworks and policies such as: ISO 9001, ISO 27001, NYS DFS 500, NIST, HIPPA, GDPR, PCI, OSPAR, and more! 


Was this article helpful?