HITRUST Assurance

HITRUST-certified assessors help you navigate HITRUST requirements and provide guidance on how to streamline your security and compliance efforts.

Transparent, Actionable Recommendations

We know the complexities of day-to-day IT and security operations. We’ll never deliver a standard auditor guide or playbook response—we ensure you fully understand and can execute against your personalized recommendations.

Web, tablet and doctors planning medical schedule on technology together at a hospital. Senior healthcare employees talking about surgery results, solution to health problem and strategy at clinic

HITRUST standards continuously update—but they don’t have to overwhelm your resources.

Our HITRUST-certified assessors perform interviews and examine your organization’s environment and data flow between in-scope systems. They identify control gaps and provide recommendations for remediation. If your company needs policies and procedures created, we can design and document those appropriately. We can also assist with risk assessment, incident response, disaster recovery, and more.

HITRUST Assurance Program Consulting:



HITRUST Basic, Current-state (bC) Assessment Guidance

Our expertise will save you time and optimize your self-assessment outcome as it is validated by the HITRUST Assurance Intelligence Engine to identify errors and omissions. Our engagement will educate and provide insight so organizations that are new to the HITRUST framework can complete a self-assessment. Along the way, we help you understand any immediate gaps and the actions needed if you were to move forward with a HITRUST Certified Assessment.



HITRUST Implemented, 1-Year (i1) Validated Assessment

Designed for healthcare-covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.



HITRUST Risk-Based, 2-Year (r2) Validated Assessment

Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. Our assessors are health IT and security experts who can help you identify the actions needed to ensure a high maturity rating and achievement of HITRUST CSF r2 Certification.

It is recommended that new customers have a Pre-Assessment engagement to uncover any deficiencies or necessary improvements prior to a full HITRUST r2 Assessment.



HITRUST Interim Assessment

As required by HITRUST for 2-Year validated assessments, an interim assessment must be completed at the 1-year mark from certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.

Featured Experts

Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.

SME Highlight

John Santana, CCSFP

John Santana is a Clearwater Principal Consultant, bringing Clearwater customers extensive experience supporting Healthcare IT Risk Management initiatives. When not […]

Steve Meyer, CCSFP, CHQP

Steve Meyer is the Director of Consulting Services at Clearwater, bringing Clearwater customers over 37 years of experience in various […]

Why Clearwater?

Drawn from different disciplines, our HITRUST assessors are some of the best in the field.

We understand the highly complex regulatory landscape and have the skills and expertise to navigate your team through it to ensure long-term compliance.

Want to Know More?

Contact Us

DALL·E 2023-02-08 13.08.24 - calm water ocean 2

ClearAdvantage®

Looking for a more comprehensive program?

Recognized by healthcare organizations as the industry leader in Compliance Management and Risk Management solutions for six consecutive years, Clearwater delivers the expertise and capabilities you need in a complete managed services program.

Our ClearAdvantage managed services program transforms the burden of cybersecurity and HIPAA compliance from a liability into a competitive advantage.

Learn More