The HITRUST Common Security Framework (CSF) is a standard for protecting and managing sensitive data, primarily focused on the healthcare industry. It is a rigorous framework, and certification delivers proof to the marketplace that an organization has the highest standards for data security. HITRUST encompasses other highly regarded standards, including NIST, ISO 27001, PCI DSS, HIPAA, and GDPR, allowing organizations to demonstrate compliance with multiple standards and regulations.

CompliancePoint is an authorized CSF Assessor. But, we’re a partner, not an auditor. We work with each of our clients to ensure they successfully achieve their HITRUST compliance objectives. Partnering with CompliancePoint to become HITRUST Certified will provide you with:

  • The expertise, process, procedures, and technology required for HITRUST CSF Certification
  • A non-biased 3rd party attestation of your security controls
  • A comprehensive yet efficient assessment methodology
  • Step-by-step support based on years of experience within the healthcare industry

Each of our engagements is uniquely based on our client’s specific needs.

Our engagements often include a combination of the following services:

Our Focus

Our HITRUST services help organizations secure HITRUST certification. CompliancePoint will work with you to design and implement security controls that satisfy the requirements found in the standard's 14 control categories.

  • Information Security Management Program
  • Access Control
  • Human Resources Security
  • Risk Management
  • Security Policy
  • Organization of Information Security
  • Compliance
  • Asset Management
  • Physical and Environment Security
  • Communications and Operations Management
  • Info Systems Acquisition, Development & Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Privacy Practices

Our Benefits

  • Objective & knowledgeable assessments
  • Proven techniques and strategies
  • Target high-priority tasks
  • Control design & automation
  • Access to cutting-edge tools & technology
  • No turnover
  • Cost savings
  • Institutionalize your security processes

Learn More About HITRUST

Organizations seeking HITRUST certification can select between three assessment options. All three require a HITRUST assessor firm to conduct a validated assessment of the organization’s controls. The Assessor will submit the assessment to HITRUST to review and determine if certification will be issued.

HITRUST Essentials, 1-year (e1)

The e1 is designed as a low-effort assessment focusing on basic cybersecurity hygiene and addressing what HITRUST identified as the most critical cybersecurity practices. This assessment option is designed for vendors whose risk may not be high enough to warrant the more extensive assessments but who do need to demonstrate a verifiable commitment to basic security standards. e1 certifications must be renewed annually.

HITRUST CSF Implemented, 1-year (i1) Validated Assessment

The i1 is a certifiable assessment option that represents a midrange in terms of time, effort, and cost. This assessment should be considered by companies with cybersecurity controls in place but without thorough policy and process documentation.

HITRUST CSF Risk-based, 2-Year (r2) Assessment

The r2 is the gold standard for security certifications in the healthcare industry. It requires the most significant commitment to obtain, but it is a highly regarded certification that demonstrates an organization is dedicated to the highest level of data security.

  • 10 Billion+ Records Audited
  • 150+ Cases as an Expert Witness
  • 2,500+ Companies Served
  • +86 Net Promoter Score - Our Customers Love Us!