The Common Security Framework created by Healthcare Information Trust Alliance, known as HITRUST CSF, is a U.S. healthcare security framework with security controls intended to protect healthcare information. The HITRUST CSF is a comprehensive and flexible framework that normalizes the security requirements of healthcare organizations including federal (e.g., HITECH Act and HIPAA), state, and third-party (e.g., PCI and COBIT) and government (e.g., NIST, FTC, and CMS) to help healthcare organizations assess the high-risk areas of an IT environment.
On Oct 27 2017, Microsoft completed a renewed third-party HITRUST CSF self-assessment by a HITRUST-certified assessor, Coalfire. Organizations can download the assessment report here on the Service Trust Portal. This report includes descriptions and observations from the 2017 assessment of Office 365 MultiTenant and the system’s compliance with HITRUST CSF Version 9.
* Note that it’s a self-assessment by third party assessor and the results are not certified by HITRUST Alliance