HITRUST v9.4 Level 1 - AWS Audit Manager

HITRUST v9.4 Level 1

End of support

Starting December 1, 2021, we will no longer support the HITRUST v9.4 - Level 1 standard framework.

AWS Audit Manager provides a prebuilt framework that supports HITRUST to assist you with your audit preparation.

What is HITRUST?

The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), in their own words, "is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework."

The HITRUST CSF serves to unify security controls from federal law (such as HIPAA and HITECH), state law (such as the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth), and non-governmental frameworks (such as the PCI Security Standards Council) into a single framework that's tailored for healthcare needs.

AWS provides a reliable, scalable, and inexpensive computing platform that can support the applications of healthcare customers in a manner consistent with HIPAA, HITECH, and HITRUST CSF.

Use AWS Audit Manager to support your HITRUST audit preparation

AWS Audit Manager provides a prebuilt framework that structures and automates assessments for the HITRUST compliance standard, based on AWS best practices. This framework includes a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to HITRUST requirements.

You can use the HITRUST v9.4 - Level 1 framework in AWS Audit Manager to prepare for HITRUST audits. The controls in this framework aren't intended to verify whether your systems are compliant with the HITRUST standard. Moreover, they can't guarantee that you will pass a HITRUST assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find the HITRUST v9.4 - Level 1 framework under the Standard frameworks tab of the Framework library in Audit Manager.

For instructions on how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.