Quality is Job One When it Comes to the HITRUST CSF Assurance Program

Zach Shales, Director, Healthcare Certification, Coalfire

The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial, and continuous improvement should always be top of mind with any endeavor. This was HITRUST’s clear intent when they announced the formation of an Assessor Council back in 2016 and a Quality Subcommittee in 2017.

As one of the first organizations to join the HITRUST Assessor Program in 2011, we’ve seen massive growth in the number of Assessor firms to more than 90 today. Add in the brand-new Internal Assessor Program and it becomes even more necessary to ensure quality and consistency.

In 2020, HITRUST updated the name of Assessor firms to HITRUST Authorized External Assessors to differentiate with Internal Assessors. External Assessors are organizations that must be approved by HITRUST for performing assessment and services associated with the HITRUST CSF Assurance Program and the HITRUST CSF. They're critical to HITRUST’s efforts to provide trained resources to organizations of varying size and complexity to assess compliance with security control requirements, and document corrective action plans that align with the HITRUST CSF.

With such a rigorous and complex validation process, we’ve prioritized quality over the years since it is so integral to certification success. We understand the need to balance quality with cost, and consider this expertise key to our input with the Assessor Council. Playing an active role in setting standards for regulations and frameworks designed to achieve data protection goals is of utmost importance for our team, and the benefits translate directly to our clients.

As a trusted resource, we're able to advise on issues around the uniformity and discipline needed for assessment execution, which in turn helps our clients prepare for, validate, and optimize their HITRUST programs. Organizations that have adopted the framework understand that it's vital for HITRUST to maintain a process for ensuring quality and compliance with the HITRUST CSF Assurance Program. We value the chance to invest our time and expertise in this initiative, and to reinforce and strengthen the HITRUST CSF Assurance Program.

Zach Shales

Author

Zach Shales — Director, Healthcare Certification, Coalfire

Top