HIPAA to HITRUST

HITRUST was developed in collaboration with the healthcare and information security industry. The HITRUST Common Security Framework (CSF) streamlines the myriad of healthcare and security regulations/standards into one holistic security framework. As HITRUST is both risk and compliance-oriented, organizations have the ability to customize the framework on organization type, size, systems, and regulatory requirements. HITRUST does not replace HIPAA, but it can provide measurable criteria and objectives for applying appropriate administrative, technical, and physical safeguards.

HITRUST Assurance Program Consulting

Security risk management is an ongoing challenge, and as HITRUST CSF standards continuously update, it can overwhelm existing limited resources. We help you understand how these updates may affect your business and guide how to streamline your security efforts. HITRUST certified assessors perform interviews and examine your organization’s environment and flow of data between in-scope systems. They identify control gaps and provide recommendations for remediation. If your company needs policies and procedures created, we can design and document those appropriately. We can also assist in documenting non-technical controls such as Risk Assessment, Incident Response, Disaster Recovery, and more.

HITRUST Basic, Current-state (bC) Assessment

Our expertise in understanding the requirements and insight into the unique scoring of the standard will save you time and optimize your assessment outcome. Completing a self-assessment will help customers new to the HITRUST framework understand how close they are to meeting full certification when going forward with a CSF validation assessment with a HITRUST-approved assessor.

HITRUST Implemented, 1-Year (i1) Validated Assessment

Designed for healthcare-covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.

HITRUST Risk-Based, 2-Year (r2) Validated Assessment

Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. It is recommended that new clients do a self-assessment first to understand their score baseline. Our assessors have IT and security backgrounds and make sure clients understand the findings, taking time to help them understand all aspects of the assessment and provide helpful recommendations in areas where scores can be improved.

HITRUST Interim Assessment

As required by HITRUST for all validated assessments, an interim assessment must be completed before one year following certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.

Our team of experts has extensive experience helping clients comply with healthcare security standards and information security. Our HITRUST assessor’s recommendations are transparent and actionable because we know the complexity of day-to-day IT and security operations. We’ll never deliver a standard auditor guide or playbook response because we make sure you fully understand and can execute against your personalized recommendations. HIPAA to HITRUST and any needs in between, we can support your healthcare organization.