All Episodes
Episode 1 — Why HITRUST Exists (Assurance vs Frameworks)
The Health Information Trust Alliance, better known as HITRUST, was created to solve a growing problem: the fragmented landscape of overlapping cybersecurity and priva...
Episode 2 — HIPAA and PHI in Plain English
Before diving into HITRUST certification, every learner must grasp the basics of HIPAA—the Health Insurance Portability and Accountability Act—and the concept of Prote...
Episode 3 — Terminology and Mental Models
Success in HITRUST studies depends on mastering its terminology and conceptual structure. The framework uses specific terms—control references, assessment objects, req...
Episode 4 — Positioning HITRUST vs NIST CSF, ISO 27001, and CIS 18
HITRUST is often compared to other well-known cybersecurity frameworks such as NIST CSF, ISO 27001, and the CIS Critical Security Controls. While each promotes sound g...
Episode 5 — Assurance Programs Overview: e1, i1, r2
The HITRUST assurance programs—e1, i1, and r2—represent a graduated path of control maturity and assurance depth. The e1 assessment provides entry-level, baseline assu...
Episode 6 — PRISMA Scoring Basics
The PRISMA model, or Privacy and Security Maturity Model, is the foundation of HITRUST’s scoring and evaluation process. It measures how well a control is implemented ...
Episode 7 — Evidence That Passes QA: Policy, Procedure, and Proof
HITRUST’s quality assurance process is rigorous, and only specific types of evidence meet its expectations. Candidates must learn the three key evidence categories: Po...
Episode 8 — MyCSF Overview and Workflow
MyCSF is the official HITRUST SaaS platform that enables scoping, control assignment, evidence submission, and assessor collaboration throughout the certification proc...
Episode 9 — Readiness Assessment vs Validated Assessment
A readiness assessment is a self-led or assessor-assisted evaluation designed to help organizations identify control gaps before pursuing certification. It mirrors the...
Episode 10 — Sampling Basics and Populations
Sampling is the statistical foundation of HITRUST evidence testing. It determines how assessors evaluate whether a control operates consistently across multiple instan...
Episode 11 — Shared Responsibility and Inheritance
Shared responsibility is a foundational concept in HITRUST, especially in environments that use third-party cloud or managed services. It defines which security contro...
Episode 12 — Budgeting and Timelines
A successful HITRUST journey requires careful planning of both budget and timeline. The certification process involves multiple cost layers: assessor fees, HITRUST sub...
Episode 13 — Roles, RACI, and Governance Cadence
HITRUST certification success depends heavily on clear role definition and governance structure. The RACI model—Responsible, Accountable, Consulted, and Informed—provi...
Episode 14 — Kickoff Checklist and First 30 Days
The initial 30 days of a HITRUST engagement set the foundation for the entire certification effort. A structured kickoff checklist ensures all stakeholders, systems, a...
Episode 15 — Foundations Recap & Quick Reference
By this point, learners have covered the essential building blocks of the HITRUST program—from its purpose and assurance models to workflow, evidence, and governance f...
Episode 16 — Who e1 Is For (and Who It Isn’t)
The HITRUST e1 assessment is designed for organizations seeking a streamlined, entry-level assurance program that validates foundational cybersecurity hygiene. It focu...
Episode 17 — e1 Scope: What’s In, What’s Out
Defining scope correctly is one of the most critical early steps in an e1 assessment. The scope identifies which systems, business processes, and data flows fall under...
Episode 18 — Access Control Essentials for e1
Access control under e1 focuses on verifying that users are granted the least privilege necessary to perform their duties and that inactive or unauthorized accounts ar...
Episode 19 — Endpoint Security Essentials for e1
Endpoint protection is central to the e1 framework, ensuring that devices used by employees, contractors, and partners maintain baseline security configurations. Candi...
Episode 20 — Patch and Vulnerability Essentials for e1
Patch and vulnerability management under e1 ensures that known system weaknesses are identified and corrected promptly. This safeguard reflects one of the most basic y...