If you’ve experienced a HITRUST assessment, you’re familiar with the MyCSF tool. It’s the online application used to verify compliance with the HITRUST compliance framework. There’s no arguing that MyCSF helps auditors and their clients manage the extensive HITRUST assessment process. But, if we’re being honest, it hasn’t historically provided the most efficient means to complete an assessment.

There’s good news, though. HITRUST is revamping the MyCSF tool to provide increased functionality for users, valuable analytics to aid in the tracking of both compliance and assessment completion, in addition to adding many efficiencies throughout the entire assessment process. In mid-June 2018, HITRUST held a webinar highlighting the big changes to MyCSF and how those changes positively affect users. Below are a few highlights to note.

HITRUST MyCSF 2.0 Highlights

1. MyCSF 2.0 will likely save users time. MyCSF allows users to assess compliance at the requirement level, but getting there hasn’t been easy within the MyCSF 1.0 tool. The interface is clunky and requires a number of clicks before you can even access the requirement you’re trying to address. Add to that the fact that HITRUST v9.1 has 233 requirements at minimum and 1,719 at maximum, with five scoring entries per requirement. You can see how easy it could be to get “lost in the weeds.” But, MyCSF 2.0 includes the ability to assess requirements by domain, which are much broader and provide a higher-level view of compliance.

If you’re unfamiliar, there are 19 HITRUST domains, including:

    • Risk Management
    • Information Protection Program
    • Data Protection & Privacy
    • Endpoint Protection
    • Portable Media Security
    • Mobile Device Security
    • Configuration Management
    • Vulnerability Management
    • Network Protection
    • Wireless Protection
    • Password Management
    • Incident Management
    • Physical & Environmental Security
    • Transmission Protection
    • Access Control
    • Audit Logging & Monitoring
    • Education, Training & Awareness
    • Third Party Security
    • Business Continuity & Disaster Recovery

Beyond that, instead of navigating through a maze of pages to view and respond to the requirements they’re assessed against, MyCSF 2.0 users will be able to view all requirements for a domain on one page. These changes will likely give users a much simpler and more user-friendly MyCSF experience, leading to more efficiency and time savings.

2. MyCSF 2.0 will give users a clearer picture of their level of compliance with HITRUST. At the requirement level, it’s hard to understand your level of compliance. Under the first version of MyCSF, users have to jump through hoops to determine whether or not they’ll be compliant (i.e. Excel spreadsheets with formulas). There isn’t a simple way to view your current level of compliance within the MyCSF tool.

MyCSF 2.0 features a new dashboard and reporting features that will allow users to quickly identify their level of compliance in real-time, which will likely help teams have a greater peace of mind during assessments. It’s clear these changes are aimed at helping users navigate the robust HITRUST framework more easily. If you’ve experienced MyCSF 1.0, you’re probably wondering when you’ll be able to get your hands on 2.0. The reality falls between “don’t hold your breath” and “don’t give up hope.”

HITRUST is currently piloting MyCSF 2.0 in efforts to identify and address any bugs within the interface. They plan to move all users to the new application by March 31, 2019.

With or without a new tool, HITRUST certification and compliance is a big undertaking. If you need help understanding the framework or how your organization can become compliant, click here to contact us.