BARR Advisory showcased its healthcare auditing know-how at the virtual HITRUST Community Extension Program (CEP) event on June 23. Representing BARR was Swathi West, HITRUST manager, who gave a presentation titled, “The Dos and Don’ts: Getting Started with HITRUST.”
West’s experience combined with BARR’s designation as a HITRUST Authorized External Assessor brought a unique perspective on HITRUST to attendees. She weaved the five Ws into her presentation, including:
- Who should be involved in the HITRUST certification process
- What makes the HITRUST framework unique
- When is the right time to obtain certification
- Where organizations can get certified
- Why companies need HITRUST
West also went into great detail about what companies should (the dos) and shouldn’t (the don’ts) do when it comes to obtaining HITRUST certification. Here is a quick sampling of three dos and don’ts covered:
- Do review customer contracts; Don’t assume HITRUST is like every other security framework or compliance audit
- Do look into MyCSF subscriptions by contacting HITRUST or an Authorized External Assessor, like BARR; Don’t only focus on your validated assessment—keep the interim assessment in mind as well
- Do involve your Authorized External Assessor early in the process; Don’t rush the process and over scope the environment for your first-year assessment.
“Don’t forget that HITRUST is all about continuous improvement,” said West. “Even though certification is valid for two years, remember your organization still has to perform an interim assessment one year after its initial HITRUST validated assessment. It’s not one-and-done. The focus of this interim assessment is to make sure there is continuous improvement and your organization is working on the corrective action plans, making sure controls are operating effectively.”
HITRUST CEP events like these are informative, collaborative sessions that offer knowledge sharing, resources, and support for organizations looking to enhance their risk management practices and start their HITRUST certification journey.
HITRUST established its CEP program to help companies adopt and leverage resources and better address common security and privacy challenges. All events are planned and carried out by HITRUST and HITRUST External Assessors, like BARR.