Because of the complexity involved in HIPAA compliance, a group of industry leaders came together to develop the Health Information Trust Alliance (HITRUST). In 2009, the HITRUST alliance released a Common Security Framework (CSF) as a framework specifically for the protection of ePHI. The framework is based on the HIPAA security rule for compliance but is also easily scalable to accommodate the needs of organizations of varying sizes with solutions of any degree of complexity.