HITRUST assessment, advisory, and certification


The Health Information Trust Alliance (HITRUST) provides a certifiable information security framework (CSF) that supplements existing framework controls with industry insights and best practices to provide clarity and consistency lacking in many standards and regulations. This normalization of processes allows you and your vendors to conduct a single assessment while meeting the requirements of multiple compliance initiatives.

Manage risk, meet HITRUST certification requirements, and improve data protection

As one of the original HITRUST External Assessors, Coalfire is uniquely positioned to provide guidance and insights gleaned from years of interaction with HITRUST and organizations we've partnered with for successful certification.

Who should consider HITRUST certification?

  • Service providers that received a letter from a customer requiring HITRUST CSF certification.
  • Organizations looking to improve their overall risk management program and security posture.
  • Service providers that want the most prescriptive approach to protecting customer data and, therefore, the ability to use security as a competitive differentiator that can increase revenue.
  • Organizations that want a framework that includes, harmonizes, and cross-references existing, globally recognized standards, regulations, and business requirements – including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT, and GDPR – and scales controls according to the type, size, and complexity of an organization.

HITRUST compliance services



  • HITRUST compliance in the cloud. Our cloud expertise in certifying the world's largest cloud service providers, our AWS Healthcare Competency Partnership, and our participation in the HITRUST Shared Responsibilities working group provide advantages in certifying your own cloud workloads.
  • HITRUST-specific experts. We offer teams that focus on only one area of risk and compliance, rather than generalists in several areas. They hone their craft, so you get the highest level of expertise plus a deep bench of professionals for faster certification.

Advisory services

  • Preparation for the HITRUST certification journey. For each step, we help you select the level of risk that's acceptable for your organization based on your internal capabilities, knowledge, and budget.
  • HITRUST workshop
  • HITRUST CSF gap analysis
  • HITRUST CSF facilitated self-assessment
  • Healthcare risk analysis and advisory

Assessment and certification services

  • HITRUST CSF validation/certification
  • HITRUST CSF interim assessment
  • HITRUST CSF continuous monitoring
  • HITRUST CSF bridge assessments
  • HITRUST-SOC coordinated assessments
  • Post-certification optimization. After successful HITRUST certification, we help you understand how to optimize the framework and maximize your investment.

Why choose Coalfire as your HITRUST assessor?

  • We are one of the original HITRUST assessors, with more than 35 certified HITRUST CSF practitioners delivering hundreds of engagements.
  • We are one of the few assessor firms appointed to the HITRUST Assessor Council five years in a row based on qualifications and experience as a CSF Assessor organization.
  • We have a streamlined methodology to assist organizations with cyber risk programs that are in sync with the HITRUST CSF certification requirements.
  • Our pre-certification services help you fully understand, and gain clarity into, the HITRUST CSF lifecycle so you can reduce time, costs, and resources and prepare your organization for success.
