Back to Resources | Press Releases

BARR Advisory Releases Whitepaper: HITRUST e1 Assessment Lowers the Barrier to Entry on Cybersecurity

March 14, 2023 | HITRUST

KANSAS CITY, Mo. — A new whitepaper from BARR Advisory breaks down the fundamentals of the HITRUST e1 Assessment and explores how the new framework lowers the barrier to entry for organizations aiming to mitigate the most critical threats to data security.

BARR’s latest whitepaper calls the HITRUST Essentials, 1-year (e1) Assessment a “stepping stone to more comprehensive and higher-effort assessments” that offers “the minimum level of cybersecurity assurance” an organization can achieve.

“The e1 Assessment serves as a lower cost and lower effort alternative to assessments like the i1 and r2 while still painting a reliable picture of an organization’s security posture,” said Steve Ryan, attest services manager at BARR Advisory.

According to the whitepaper, the HITRUST e1 Assessment is ideal for organizations with low levels of cybersecurity risk or that are just starting out on their security journeys. While it does not provide the same level of assurance as the i1 or r2, the e1 Assessment is more accessible than its counterparts in several ways:

  • It covers only 44 controls, a much smaller undertaking than the 182 controls required by the i1 Assessment, and the over 200 controls required by the r2 Assessment;
  • It is less expensive than other HITRUST assessments; and,
  • It can be completed in just three to six months—a fraction of the time it takes to complete either the i1 or r2 Assessment.

“The i1 and r2 Assessments provide significantly higher levels of risk assurance, but the resources required to obtain them sometimes place them out of reach,” Ryan said. “For organizations still in the early stages of building a security program, the e1 Assessment is a great first step.”

The publication of the whitepaper comes just weeks ahead of BARR Advisory’s appearance at the 2023 Healthcare Information and Management Systems Society (HIMSS) Global Health Conference in Chicago, where Ryan is slated to speak on “demystifying” security and compliance.

Read the full whitepaper here.


BARR Advisory is a cloud-based security and compliance solutions provider specializing in cybersecurity consulting and compliance for companies with high-value information in cloud environments like AWS, Microsoft Azure, and Google Cloud Platform. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.

BARR Advisory services include:

  • Compliance Program Assistance
  • SOC 1 Examinations
  • SOC 2 and 3 Examinations
  • SOC for Cybersecurity
  • PCI DSS Assessment Services
  • ISO 27001 Assessments
  • FedRAMP Security Assessments
  • HIPAA/HITECH Services
  • HITRUST Services
  • Penetration Testing and Vulnerability Assessments
  • Cybersecurity Consulting


Michelle Carson
BARR Advisory
[email protected]