HITRUST Certification
HITRUST-certified assessors help you navigate HITRUST requirements and provide guidance on how to streamline your security and compliance efforts.
Transparent, Actionable Recommendations
We know the complexities of day-to-day IT and security operations. We’ll never deliver a standard auditor guide or playbook response—we ensure you fully understand and can execute against your personalized recommendations.
HITRUST standards continuously update—but they don’t have to overwhelm your resources.
Our HITRUST-certified assessors perform interviews and examine your organization’s environment and data flow between in-scope systems. They identify control gaps and provide recommendations for remediation. If your company needs policies and procedures created, we can design and document those appropriately. We can also assist with risk assessment, incident response, disaster recovery, and more.
HITRUST Assurance Program Consulting:
HITRUST Essentials, 1-Year (e1) Validated Assessment
Designed to cover foundational cybersecurity practices for lower-risk healthcare covered entities and business associates. This validated assessment leverages a leaner set of controls, making it ideal for smaller organizations and startups looking to differentiate themselves in the marketplace. Controls in the e1 Validated Assessment can be leveraged in higher-level assessments later.
HITRUST Risk-Based, 2-Year (r2) Validated Assessment
Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. Our assessors are health IT and security experts who can help you identify the actions needed to ensure a high maturity rating and achievement of HITRUST CSF r2 Certification.
It is recommended that new customers have a Pre-Assessment engagement to uncover any deficiencies or necessary improvements prior to a full HITRUST r2 Assessment.
HITRUST Implemented, 1-Year (i1) Validated Assessment
Designed for healthcare covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.
HITRUST Interim Assessment
As required by HITRUST for 2-Year validated assessments, an interim assessment must be completed at the 1-year mark from certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.
Featured Experts
Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.
SME Highlight
Gary Holverson, CISM, CCSFP
Gary Holverson brings more than 20 years of experience in healthcare IT operations management to his role as a Principal […]
SME Highlight
Steve Meyer, CCSFP, CHQP
Steve Meyer is the Director of Consulting Services at Clearwater, bringing Clearwater customers over 37 years of experience in various […]
Featured Resources
Why Clearwater?
Drawn from different disciplines, our HITRUST assessors are some of the best in the field.
We understand the highly complex regulatory landscape and have the skills and expertise to navigate your team through it to ensure long-term compliance.
Want to Know More?
ClearAdvantage®
Looking for a more comprehensive program?
Recognized by healthcare organizations as the industry leader in Compliance Management and Risk Management solutions for six consecutive years, Clearwater delivers the expertise and capabilities you need in a complete managed services program.
Our ClearAdvantage managed services program transforms the burden of cybersecurity and HIPAA compliance from a liability into a competitive advantage.
Connect
With Us