HITRUST is an attempt to help vendors better prove their commitment to PHI protection and to help covered entities streamline security and compliance reviews of vendors. Our intent with HITRUST is to adopt best practices that have been defined by industry leaders in healthcare, technology, and information security. The only way to prove compliance is to complete and pass an external audit, preferably one conducted by a reputable audit firm with HIPAA experience.
