Simplifying HITRUST Compliance Solutions

Contact Us


The HITRUST Common Security Framework (CSF) was developed in collaboration with healthcare and information security professionals to provide a prescriptive framework to simplify security requirements. It is the most widely-adopted security framework in the U.S. healthcare industry. HITRUST offers a readiness assessment and a validated assessment against the CSF. A validated assessment is conducted by a HITRUST Authorized External Assessor, like BARR, and is the only assessment that produces a validated certification report. With extensive experience in healthcare audit services, we’ll help your organization through the HITRUST CSF assessment process.

Questions About HITRUST?


Learn important facts from the HITRUST Alliance’s Did You Know? page, and connect with a BARR expert who can help you get started on your HITRUST journey.

Get Your Answers

HITRUST Open House

Join us for our HITRUST Open House on any Wednesday from 11 a.m. to noon CST and learn the process and benefits of obtaining a HITRUST Certification.

Save Your Seat

Benefits of HITRUST

Stay up-to-date on the latest security risks.

Differentiate your business from the competition.

Secure trust among stakeholders.

Decrease risk of data loss or breach.

Get access to ongoing improvement plans with interim assessments.

Peace of mind knowing patient data is protected.

How It Works

Phase I  HITRUST Readiness Assessment

A readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

  • Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
  • Control gaps and areas of improvement
  • Prioritized observations and recommendations for remediation
  • The advantage of performing a readiness assessment prior to a HITRUST assessment is to give management an opportunity to address control gaps prior to an inaugural examination as well as help with required risk assessment activities.

Phase II HITRUST Validated Assessment

The validated assessment includes a number of testing procedures to ensure compliance gaps have been appropriately identified and controls are implemented and operating effectively. Testing procedures include:

  • Walkthroughs with personnel interviews to verify policies and procedures are documented
  • Inspection of CSF-relevant policies and procedures to verify adequate coverage of CSF requirements
  • Technical testing to validate the implementation of relevant controls
  • Observation of relevant controls and control processes
  • Inspection of mechanisms used to manage relevant controls

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your healthcare compliance needs.

Connect With BARR

BARR associates were excellent communicators, friendly, and professional. They genuinely want to see security practices at our organization improve. Our engagement was the most positive auditor engagement I’ve been a part of in my 15+ year information security career.

HITRUST Resources

Our Approach

Get a look at key steps and deliverables you can expect when partnering with BARR for your HITRUST CSF Certification.

View Our Proven Process


Learn the benefits of using BARR to achieve HITRUST CSF Certification and what to expect during the process.

Read Our Fact Sheet

cyBARR Chats, HITRUST Edition

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.