This topic describes how Snowflake supports customers with HITRUST CSF compliance requirements.

Understanding HITRUST CSF compliance requirements

The Health Information Trust Alliance Common Security Framework (HITRUST CSF) serves to unify security controls based on aspects of US federal law (such as HIPAA and HITECH), certain state-specific laws and other industry-standard compliance frameworks into a single comprehensive set of baseline security and privacy controls, built specifically for healthcare needs.

Snowflake participates in the HITRUST Shared Responsibility and Inheritance Program. With the Shared Responsibility Matrix (SRM), customers can now inherit Snowflake’s HITRUST CSF certification provided that customers apply the controls detailed in the HITRUST Alliance website. Customers should download the Snowflake Custom HITRUST Shared Responsibility Matrix to determine HITRUST controls that they are responsible for implementing as part of the shared responsibility model. Customers should refer to the HITRUST webpage for guidance on how to initiate an inheritance request.

For details, see: