HITRUST Certification
HITRUST can feel like a moving target
You don’t have to navigate it alone.
Our HITRUST-certified assessors work closely with your organization to evaluate your environment, review data flows, and assess in-scope systems. We identify control gaps, prioritize remediation efforts, and provide practical guidance every step of the way.
Need help beyond the assessment? We can develop policies and procedures, support risk assessments, strengthen incident response and disaster recovery programs, and address other key compliance requirements.
More than assessors, we are trusted advisors who help streamline certification, reduce risk, and build a stronger security and compliance program for the future.
Get in Touch with our Team
HITRUST Assurance Program Consulting:
HITRUST Essentials, 1-Year (e1) Validated Assessment
Designed to cover foundational cybersecurity practices for lower-risk healthcare covered entities and business associates. This validated assessment leverages a leaner set of controls, making it ideal for smaller organizations and startups looking to differentiate themselves in the marketplace. Controls in the e1 Validated Assessment can be leveraged in higher-level assessments later.
HITRUST Risk-Based, 2-Year (r2) Validated Assessment
Assessments performed against HITRUST CSF look at the various in-scope controls and their maturity scores for Policy, Procedure, Implemented, Measured, and Managed categories. Validated assessments can lead to HITRUST certifications based on achieving an appropriate overall assessment score. Our assessors are health IT and security experts who can help you identify the actions needed to ensure a high maturity rating and achievement of HITRUST CSF r2 Certification.
It is recommended that new customers have a Pre-Assessment engagement to uncover any deficiencies or necessary improvements prior to a full HITRUST r2 Assessment.
HITRUST Implemented, 1-Year (i1) Validated Assessment
Designed for healthcare covered entities and business associates that need moderate assurance, this 1-year certification focuses on a list of controls designated and updated yearly by HITRUST. Implemented maturity is tested by these controls. Our assessors will review, validate and submit the assessment to HITRUST for approval.
HITRUST Interim Assessment
As required by HITRUST for 2-Year validated assessments, an interim assessment must be completed at the 1-year mark from certification. The interim assessment determines if the controls in place are still effective as well as evaluates progress against any Corrective Action Plans that were created during the initial validation process.
Featured Experts
Our experts leverage decades of experience to support your organization’s unique cybersecurity and compliance strategy.
SME Highlight
Steve Meyer, CCSFP, CHQP
Steve Meyer is the Director of Consulting Services at Clearwater, bringing Clearwater customers over 37 years of experience in various […]
Featured Resources
