HITRUST assessment and certification

Effectively manage risk, meet compliance requirements and improve data protection.

Information security, risk management and privacy professionals from public and private sectors must safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.

This is where the Health Information Trust Alliance (HITRUST) comes in. The HITRUST CSF is a scalable, prescriptive and certifiable framework that harmonizes numerous standards, regulations, control frameworks and leading practices.

HITRUST provides a certifiable information security framework that supplements existing framework controls with industry insights and best practices to provide clarity and consistency lacking in many standards and regulations. This normalization of processes allows organizations and their vendors to conduct a single assessment while meeting the requirements of multiple compliance initiatives.

As one of the original HITRUST CSF Assessor firms, Coalfire is uniquely positioned to provide guidance and insights gleaned from years of interaction with HITRUST and with organizations that have undergone HITRUST CSF certification.

Why You Should Consider HITRUST

  • You’re a service provider that received a letter from a customer requiring HITRUST CSF certification.
  • You’re an organization that seeks to improve your overall risk management program and security posture.
  • You’re a service provider that wants the most prescriptive approach to protecting customer data and can therefore use security as a competitive differentiator that can increase revenue.
  • You want a framework that includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements, including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT and GDPR, and that scales controls according to the type, size and complexity of an organization.

Our services include:

Why Choose Coalfire as your HITRUST Partner

  • Coalfire is one of the original HITRUST assessor firms (since 2011) with more than 35 certified HITRUST CSF practitioners on staff delivering hundreds of engagements and ready to help you with your HITRUST journey.
  • Coalfire is one of few assessor firms appointed to the HITRUST Assessor Council two years in a row based on qualifications and experience as a CSF Assessor organization. We were also appointed to the new 2018 Quality Subcommittee.
  • We have a streamlined methodology to assist organizations with cyber risk programs that are in sync with the HITRUST CSF certification requirements.
  • Our pre-certification services help you fully understand, and gain clarity into, the HITRUST CSF lifecycle so you can reduce time, costs, and resources and prepare your organization for success.
  • Our post-certification services help you optimize the framework and maximize your investment.
  • In addition, our CoalfireOne℠ platform provides you with the testing, documentation, reporting tools, and support needed to augment your HITRUST assessment and certification needs. The easy-to-use and secure CoalfireOne platform contains advanced features for easy risk and compliance program management.
  • Learn how to choose a HITRUST assessor firm (HITRUST newsletter blog post): Best Practice Screenings from Healthcare Organizations Just Like Yours.

Our expertise includes:

  • Streamlining HITRUST CSF and EHNAC controls with the migration of HIPAA Security/Privacy modules within EHNAC accreditations to the HITRUST CSF framework.
  • Saving clients up to 40% in time, cost, and security team productivity through Coalfire Controls, an AICPA-member firm that performs SOC audits in conjunction with HITRUST assessments.
  • Sharing cybersecurity industry best practices through event presentations, webinars, case studies and white papers.
