HITRUST assessment and certification

The most rigorous approach to meeting HIPAA requirements

Experienced security professionals at healthcare and life sciences organizations are familiar with HIPAA’s baseline requirements. But if you're looking for an actionable roadmap, you're more likely to find vague language and subjective interpretations.

This is where the Health Information Trust Alliance (HITRUST) comes in. The HITRUST Common Security Framework (CSF) was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA.

HITRUST provides a certifiable information security framework that supplements existing framework controls with healthcare industry insights and best practices to provide clarity and consistency lacking in many standards and regulations. This normalization of processes allows healthcare and life sciences organizations and their vendors to conduct a single assessment while meeting the requirements of multiple compliance initiatives.

Coalfire’s HITRUST CSF facilitated self-assessment, validated assessment, and advisory services can help covered entities and business associates prepare for CSF adoption, implementation, and certification.

Why You Should Consider HITRUST

  • You’re a business associate that received a letter from a covered entity that requires you to be HITRUST CSF certified.
  • You’re a covered entity that seeks to improve your overall risk management program and security maturity posture.
  • You’re a business associate that wants to achieve the high-bar of HIPAA compliance to protect customer data – thereby using security as a competitive differentiator that can increase revenue from healthcare customers.
  • You want a framework that includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements, including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT, GDPR and scales controls according to the type, size and complexity of an organization.

Our services include:

  • HITRUST CSF FastTrack Toolkit 
  • HITRUST CSF Facilitated Self-Assessment
  • HITRUST CSF Validation
  • HITRUST-SOC Coordinated Assessments
  • Custom Training, Workshops, and Advisory

Why Choose Coalfire as your HITRUST Partner

  • We were one of the original HITRUST assessor firms (since 2011) with more than 35 certified HITRUST CSF practitioners on staff delivering hundreds of engagements and ready to help you with your HITRUST journey.
  • Coalfire is one of few assessor firms appointed to the HITRUST Assessor Council two years in a row based on qualifications and experience as a CSF Assessor organization. We were also appointed to the new 2018 Quality Subcommittee. Read more here
  • We have a streamlined methodology to assist covered entities and business associates with cyber risk programs that are in sync with the HITRUST CSF certification requirements.
  • In addition, our CoalfireOne℠ platform provides you with the testing, documentation, reporting tools, and QSA support needed to augment your HITRUST assessment and certification needs. The easy-to-use and secure CoalfireOne platform contains advanced features that make managing your risk and compliance program much easier.
  • Learn how to choose a HITRUST assessor firm (HITRUST newsletter blog post):  Best Practice Screenings from Healthcare Organizations Just Like Yours.

Our expertise includes:

  • Streamlining HITRUST CSF and EHNAC controls with the migration of HIPAA Security/Privacy modules within EHNAC accreditations to the HITRUST CSF framework.
  • Saving clients up to 40% in time, cost, and security team productivity through Coalfire Controls, an AICPA-member firm that performs SOC audits in conjunction with HITRUST assessments.
  • Sharing healthcare cybersecurity industry best practices through event presentations, webinars, case studies and white papers.

Industry Resources