HITRUST Assurance

HITRUST-certified assessors help you navigate HITRUST requirements and provide guidance on how to streamline your security and compliance efforts.

Transparent, Actionable Recommendations

We know the complexities of day-to-day IT and security operations. We’ll never deliver a standard auditor guide or playbook response—we ensure you fully understand and can execute against your personalized recommendations.

HITRUST standards continuously update—but they don’t have to overwhelm your resources.

Our HITRUST-certified assessors perform interviews and examine your organization’s environment and data flow between in-scope systems. They identify control gaps and provide recommendations for remediation. If your company needs policies and procedures created, we can design and document those appropriately. We can also assist with risk assessment, incident response, disaster recovery, and more.

HITRUST Assurance Program Consulting:

HITRUST Essentials, 1-Year (e1) Validated Assessment

Designed to cover foundational cybersecurity practices for lower-risk healthcare covered entities and business associates. This validated assessment leverages a leaner set of controls, making it ideal for smaller organizations and startups looking to differentiate themselves in the marketplace. Controls in the e1 Validated Assessment can be leveraged in higher-level assessments later. 

HITRUST Risk-Based, 2-Year (r2) Validated Assessment

Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. Our assessors are health IT and security experts who can help you identify the actions needed to ensure a high maturity rating and achievement of HITRUST CSF r2 Certification.

It is recommended that new customers have a Pre-Assessment engagement to uncover any deficiencies or necessary improvements prior to a full HITRUST r2 Assessment.

HITRUST Implemented, 1-Year (i1) Validated Assessment

Designed for healthcare covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.

HITRUST Interim Assessment

As required by HITRUST for 2-Year validated assessments, an interim assessment must be completed at the 1-year mark from certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.

Featured Experts

Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.

SME Highlight

John Santana, CCSFP

John Santana is a Clearwater Principal Consultant, bringing Clearwater customers extensive experience supporting Healthcare IT Risk Management initiatives. When not […]

Read More

SME Highlight

Steve Meyer, CCSFP, CHQP

Steve Meyer is the Director of Consulting Services at Clearwater, bringing Clearwater customers over 37 years of experience in various […]

Read More

Why Clearwater?

Drawn from different disciplines, our HITRUST assessors are some of the best in the field.

We understand the highly complex regulatory landscape and have the skills and expertise to navigate your team through it to ensure long-term compliance.


Want to Know More?

Contact Us


Looking for a more comprehensive program?

Recognized by healthcare organizations as the industry leader in Compliance Management and Risk Management solutions for six consecutive years, Clearwater delivers the expertise and capabilities you need in a complete managed services program.

Our ClearAdvantage managed services program transforms the burden of cybersecurity and HIPAA compliance from a liability into a competitive advantage.

With Us