HITRUST’s New Scoping Factors Target Efficiency


Citing a hope for more efficiency, HITRUST released its HAA 2020-003 assurance advisory on June 1, which is full of scoping factor enhancements designed to reduce the effort associated with and increase the accuracy of CSF assessments.

HITRUST’S new scoping factors are related to the use of cloud service providers; access to the scoped environment from an external network; use of dial-up services; use of fax machines; use of hardware tokens; use of personally owned devices; use of wireless access points; electronic commerce; electronic signatures; and use of mail services.

HITRUST also modified the scoping factor related to third-party access to provide more information by breaking it into two questions relating to accessibility by third-party personnel and transmission of data with a third party.

HITRUST believes the changes to the scoping factors should reduce the amount of effort involved in responding to and validating controls that are not applicable to your environment. This should produce a more efficient assessment.

This is not the first time HITRUST has announced major changes to its protocols in this year. Back in March, HITRUST issued HAA 2020-002, which addressed the impact of COVID-19 on assessment timelines. Most notably, HITRUST had waived the external assessor’s onsite requirements just about every business throughout the United States turned to remote work or only kept essential employees at their facilities.

2W Tech has a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations like HITRUST. We’re also a Microsoft Gold Partner who can help you make the most of the apps in Microsoft Azure. Call us today to get started.

Read More:
Machine Learning on the Rise

Remote Monitoring and Management More Essential Than Ever

Back to IT News