HITRUST-certified assessors help you navigate HITRUST requirements and provide guidance on how to streamline your security and compliance efforts.
Transparent, Actionable Recommendations
We know the complexities of day-to-day IT and security operations. We’ll never deliver a standard auditor guide or playbook response—we ensure you fully understand and can execute against your personalized recommendations.
HITRUST standards continuously update—but they don’t have to overwhelm your resources.
Our HITRUST-certified assessors perform interviews and examine your organization’s environment and data flow between in-scope systems. They identify control gaps and provide recommendations for remediation. If your company needs policies and procedures created, we can design and document those appropriately. We can also assist with risk assessment, incident response, disaster recovery, and more.
HITRUST Assurance Program Consulting:
HITRUST Essentials, 1-Year (e1) Validated Assessment
Designed to cover foundational cybersecurity practices for lower-risk healthcare covered entities and business associates. This validated assessment leverages a leaner set of controls, making it ideal for smaller organizations and startups looking to differentiate themselves in the marketplace. Controls in the e1 Validated Assessment can be leveraged in higher-level assessments later.
HITRUST Risk-Based, 2-Year (r2) Validated Assessment
Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. Our assessors are health IT and security experts who can help you identify the actions needed to ensure a high maturity rating and achievement of HITRUST CSF r2 Certification.
It is recommended that new customers have a Pre-Assessment engagement to uncover any deficiencies or necessary improvements prior to a full HITRUST r2 Assessment.
HITRUST Implemented, 1-Year (i1) Validated Assessment
Designed for healthcare covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.
HITRUST Interim Assessment
As required by HITRUST for 2-Year validated assessments, an interim assessment must be completed at the 1-year mark from certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.
Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.
John Santana, CCSFP
John Santana is a Clearwater Principal Consultant, bringing Clearwater customers extensive experience supporting Healthcare IT Risk Management initiatives. When not […]
Drawn from different disciplines, our HITRUST assessors are some of the best in the field.
We understand the highly complex regulatory landscape and have the skills and expertise to navigate your team through it to ensure long-term compliance.
Want to Know More?
Looking for a more comprehensive program?
Recognized by healthcare organizations as the industry leader in Compliance Management and Risk Management solutions for six consecutive years, Clearwater delivers the expertise and capabilities you need in a complete managed services program.
Our ClearAdvantage managed services program transforms the burden of cybersecurity and HIPAA compliance from a liability into a competitive advantage.