One organization that is gaining attention in the healthcare privacy and security area is HITRUST. At first glance, HITRUST appears as if it might be one more organization with additional rules and regulations regarding privacy and security policy. But, in fact, there are no new rules or regulations imposed by
HISTRUST, rather they consolidate 17 authoritative sources on privacy and security into one place. HITRUST offers a tool called their Common Security Framework (CSF). This tool can be used as a self-assessment, or can be used to provide certification by 3rd-party independent auditors. One key aspect of the CSF is that it is flexible enough for small organizations to use.