Simplifying HITRUST Compliance Solutions


The HITRUST Common Security Framework (CSF) was developed in collaboration with healthcare and information security professionals to provide a prescriptive framework to simplify security requirements. It is the most widely adopted security framework in the U.S. healthcare industry. HITRUST offers a readiness assessment and a validated assessment against the CSF. A validated assessment is conducted by a HITRUST Authorized External Assessor, like BARR, and is the only assessment that produces a validated certification report. With extensive experience in healthcare audit services, we’ll help your organization through the HITRUST CSF assessment process.

Questions about HITRUST? Check out our HITRUST FAQs page!


Benefits of HITRUST Certification

Stay up-to-date on the latest security risks.

Differentiate your business from the competition.

Secure trust among stakeholders.

Decrease risk of data loss or breach.

Get access to ongoing improvement plans with interim assessments.

Peace of mind knowing patient data is protected.

How It Works

Phase I: HITRUST Readiness Assessment

A readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

  • Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
  • Control gaps and areas of improvement
  • Prioritized observations and recommendations for remediation

Performing a readiness assessment before a HITRUST assessment gives management an opportunity to address control gaps before an inaugural examination and helps with required risk assessment activities.

Phase II: HITRUST Validated Assessment

The validated assessment includes a number of testing procedures to ensure compliance gaps have been appropriately identified and controls are implemented and operating effectively. Testing procedures include:

  • Walkthroughs with personnel interviews to verify policies and procedures are documented
  • Inspection of CSF-relevant policies and procedures to verify adequate coverage of CSF requirements
  • Technical testing to validate the implementation of relevant controls
  • Observation of relevant controls and control processes
  • Inspection of mechanisms used to manage relevant controls

Our Proven Process

We believe there should be no surprises on your path to HITRUST certification, which is why our proven process was designed to ensure you are prepared and know what to expect every step of the way.

Readiness Period
Connect & Define Scope
  • About us
  • About you
  • Client commitments and timelines
  • Proposal
Kickoff Meeting
  • Confirm expectations
  • Explain HITRUST process
  • MyCSF tool overview
Assess Controls
  • HITRUST questionnaire
  • Address control gaps
  • Recommendations for remediation
Remediation Assistance
  • BARR provides gap report
  • Debrief
  • Check subset of controls
  • Ensure remediation of gaps
Controls must be implemented 90 days prior to assessment.
Validation Assessment
The i1 validation is an annual process, while the r2 repeats every two years with an interim assessment in between.
  • Confirm expectations
  • Establish timelines
  • Schedule QA block with HITRUST
  • Verify policies and procedures
  • Test implementation of controls
  • Complete documentation
  • Manager review
  • Final quality assurance review
HITRUST Quality Analysis
  • HITRUST QA review
  • Submit assessment to HITRUST
  • HITRUST issues certification
Celebrate & Optimize
  • Debrief
  • Rate engagement
  • Improve security
  • Next steps

Why BARR for HITRUST Compliance

  • As a HITRUST Authorized External Assessor, BARR provides a collaborative, hands-on approach tailored to your company’s unique needs
  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare, and government
  • BARR provides an easy-to-use project management tool that integrates seamlessly into your infrastructure
  • Nearly 100% client retention rate
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

BARR Advisory is a critical component for suggestions and accountability towards continuous improvements in our platform’s security and privacy controls

Open House

Join us any Wednesday (or every Wednesday!) from 11 a.m. to noon CST for an open Q&A and discussion of the process and benefits of obtaining a HITRUST Certification. As a company that handles ePHI, having a HITRUST Certification demonstrates your commitment to managing risk and securing protected healthcare information.

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.

HITRUST Resources

Our Approach

Get a look at key steps and deliverables you can expect when partnering with BARR for your HITRUST CSF Certification.

Learn how BARR tailors the HITRUST CSF Certification process to your unique needs.
