HITRUST®

A Comprehensive Framework for Risk Management

HITRUST stands for Health Information Trust Alliance and was created to maintain the Common Security Framework (CSF). The framework was created to bring together and harmonize the compliance frameworks of HIPAA, ISO 27001/27002, NIST 800-53, GDPR, and PCI DSS. The HITRUST CSF is used by healthcare organizations and their business associates to manage regulatory risk. A HITRUST certification is valid for 24 months.

However, HITRUST isn’t just for healthcare organizations. HITRUST CSF Version 9.3 is an agnostic framework, allowing it to be used across multiple industries. Companies in education, travel, insurance, and other sectors are now using HITRUST to streamline the selection, implementation, assessment, and reporting of information security and privacy controls.

The HITRUST CSF provides an efficient approach to compliance and risk management. HITRUST combines relevant regulations (e.g., HIPAA, CCPA, and GDPR) and standards (e.g., PCI, COBIT, and NIST) into one framework. Certification demonstrates a robust, proactive commitment to security and risk management.

Compliance Doesn’t Have to be Complicated

Encompassing at least 135 security controls and 21 privacy controls, HITRUST can be challenging to understand. Additionally, as security threats evolve, so does the HITRUST CSF. An experienced assessor can provide the guidance you need to achieve and maintain certification.

At 360 Advanced, we will help you navigate the complex world of HITRUST. As a HITRUST Authorized External Assessor, we’ll use our experience to guide you through the certification process – from scoping and interviews to technical testing and validation.

If you’re new to HITRUST, the first step may be a guided Readiness Assessment. Our HITRUST Certified CSF Practitioners (CCSFPs) and Certified HITRUST Quality Professionals (CHQPs) will explain how your current efforts measure up, while identifying issues to remediate before your validated assessment. Once you move on to a validated security assessment, our team will perform onsite fieldwork to review your policies, procedures, implementation methodologies, measurement strategies, and management strategies.

Our HITRUST CSF Services

As a HITRUST CSF assessor, 360 Advanced has been approved to perform assessment services associated with the CSF Assurance Program.

This engagement is designed as an introduction to compliance with CSF, and is the springboard to a validated assessment. This is completed quickly and is the least burdensome on your organization’s resources. HITRUST does not perform any validation of your self-assessment.

A validated assessment offers your relying entity (aka client) assurance from 360 Advanced, an authorized CSF Assessor, about your CSF compliance. HITRUST requires us to perform on-site procedures along with executing an extensive testing program. Upon completion, HITRUST reviews the completed assessment and issues a Validated Report. In general, if your organization achieved a rating of 3+ or higher (on a scale of 1 – 5) in each domain, then your organization is eligible to become HITRUST CSF Certified, with the certification valid for a two-year period.

To maintain your organization’s two-year HITRUST CSF Certification, an interim assessment must be conducted by an authorized CSF Assessor and submitted to HITRUST within the 90-day window leading up to the one-year anniversary of the certification issuance date. Since your organization has made the effort to achieve certification, it’s critical to maintain that status with the Interim Assessment.


You deserve a conversation, not a questionnaire.

We build long-term relationships through trust and value. If you’re looking for a trusted business advisor to build your holistic compliance strategy, let’s chat!