The HITRUST Common Security Framework (CSF) was developed in collaboration with healthcare and information security professionals to provide a prescriptive framework to simplify security requirements. It is the most widely-adopted security framework in the U.S. healthcare industry. HITRUST offers a readiness assessment and a validated assessment against the CSF. A validated assessment is conducted by a HITRUST Authorized External Assessor, like BARR, and is the only assessment that produces a validated certification report. With extensive experience in healthcare audit services, we’ll help your organization through the HITRUST CSF assessment process.

Questions about HITRUST? Check out our HITRUST FAQs page!


Benefits of HITRUST Certification

Stay up-to-date on the latest security risks.

Differentiate your business from the competition.

Secure trust among stakeholders.

Decrease risk of data loss or breach.

Get access to ongoing improvement plans with interim assessments.

Peace of mind knowing patient data is protected.

How It Works

Phase I HITRUST Readiness Assessment

A readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

  • Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
  • Control gaps and areas of improvement
  • Prioritized observations and recommendations for remediation

Performing a readiness assessment before a HITRUST assessment gives management an opportunity to address control gaps prior to an inaugural examination and helps with required risk assessment activities.

Phase II HITRUST Validated Assessment

The validated assessment includes a number of testing procedures to ensure compliance gaps have been appropriately identified and controls are implemented and operating effectively. Testing procedures include:

  • Walkthroughs with personnel interviews to verify policies and procedures are documented
  • Inspection of CSF-relevant policies and procedures to verify adequate coverage of CSF requirements
  • Technical testing to validate the implementation of relevant controls
  • Observation of relevant controls and control processes
  • Inspection of mechanisms used to manage relevant controls

Why BARR for HITRUST Compliance

  • As a HITRUST Authorized External Assessor, BARR provides a collaborative, hands-on approach tailored to your company’s unique needs
  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare, and government
  • BARR provides an easy-to-use project management tool that integrates seamlessly into your infrastructure
  • Nearly 100% client retention rate
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

Open House

Join us any Tuesday (or every Tuesday!) from 11 a.m. to noon CST for an open Q&A and discussion of the process and benefits of obtaining a HITRUST Certification. As a company that handles ePHI, having a HITRUST Certification demonstrates your commitment to managing risk and securing protected healthcare information.


Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.

HITRUST Resources

Our Approach

Get a look at key steps and deliverables you can expect when partnering with BARR for your HITRUST CSF Certification.



Learn how BARR tailors the HITRUST CSF Certification process to your unique needs.

