HITRUST in the Cloud

The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) was developed in collaboration with healthcare and information security professionals to provide a prescriptive framework to simplify security requirements. It is the most widely-adopted security framework in the U.S. healthcare industry. HITRUST offers a self-assessment and a validated assessment against the CSF. A validated assessment is conducted by a HITRUST Certified External Assessor, like BARR, and is the only assessment that produces a validated certification report. With extensive experience in healthcare audit services, we’ll help your organization through the HITRUST CSF assessment process.

Benefits of HITRUST Certification

Stay up-to-date on the latest security risks.

Differentiate your business from the competition.

Secure trust among stakeholders.

Decrease risk of data loss or breach.

Get access to ongoing improvement plans with interim assessments.

Peace of mind knowing patient data is protected.

How It Works

Phase I  HITRUST Readiness Assessment

A readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

  • Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
  • Control gaps and areas of improvement
  • Prioritized observations and recommendations for remediation
  • The advantage of performing a readiness assessment prior to a HITRUST assessment is to give management an opportunity to address control gaps prior to an inaugural examination as well as help with required risk assessment activities.

Phase II HITRUST Validated Assessment

The validated assessment includes a number of testing procedures to ensure compliance gaps have been appropriately identified and controls are implemented and operating effectively. Testing procedures include:

  • Walkthroughs with personnel interviews to verify policies and procedures are documented
  • Inspection of CSF-relevant policies and procedures to verify adequate coverage of CSF requirements
  • Technical testing to validate the implementation of relevant controls
  • Observation of relevant controls and control processes
  • Inspection of mechanisms used to manage relevant controls

Why BARR for HITRUST Compliance

  • As a HITRUST Authorized External Assessor, BARR provides a collaborative, hands-on approach tailored your company’s unique needs
  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare and government
  • BARR provides an easy-to-use project management tool that integrates seamlessly into your infrastructure
  • 100% referral and satisfaction rate from clients
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.