HITRUST Assessment Services

HITRUST CSF from preparation to certification

Demonstrate cybersecurity and healthcare regulatory compliance

Work with an original HITRUST external assessor to attain certification

Coalfire® is a preferred HITRUST assessor for the top five cloud service providers (CSPs), guiding clients from HITRUST preparation to certification. With expertise in all active versions and assessment types of the HITRUST Common Security Framework (CSF), Coalfire has completed hundreds of engagements and boasts a 95% client retention rate—making it a trusted choice for organizations seeking reliable HITRUST assessments.

HITRUST assessment and certification services

e1 HITRUST Essentials, 1-Year Assessment

The e1 assessment covers 44 requirement statements that encapsulate a curated set of cybersecurity controls deemed foundational or representing "essential cybersecurity hygiene." This assessment is particularly suited for lower-risk organizations seeking validation of critical cybersecurity controls. It offers a cost-effective and targeted approach, focusing on foundational cybersecurity hygiene, making it an ideal entry point for small to medium-sized organizations with basic compliance needs.

i1 HITRUST Implemented, 1-Year Assessment

The i1 assessment expands upon the e1 framework and encompasses 182 requirement statements, incorporating the initial 44 from the e1 assessment supplemented by an additional 138 statements. These additional requirements address cybersecurity best practices and a broader spectrum of active cyber threats. The i1 assessment benefits organizations with established information security programs ready to demonstrate the implementation of controls against current and emerging threats. It offers a moderate level of assurance and balances thoroughness with efficiency, making it suitable for organizations that are seeking to enhance their security posture without the extensive commitment required for the r2 assessment.

To maintain the i1 assessment, in year 2, Coalfire conducts rapid recertification of 60 requirements.

r2 HITRUST Risk-Based, 2-Year Assessment

The r2 assessment is the most comprehensive, built on the 182 i1 requirement statements with additional criteria included through a tailored process, usually resulting in a minimum of 275 requirements. This assessment is ideal for environments with higher risk exposure, such as large data volumes or stringent regulatory compliance needs. The r2 assessment provides a high level of assurance with a focus on comprehensive risk-based control specifications, expanded risk management, and compliance evaluation. It is best suited for large organizations or those in highly regulated industries that need to demonstrate the highest level of compliance and security assurance.

To maintain HITRUST r2 certification status, an r2 interim assessment must be completed by the first anniversary of the initial certification date.

Assess Readiness

Coalfire Gap Analysis: Coalfire’s HITRUST gap analysis evaluates an organization's current policies, procedures, and control implementation against in-scope HITRUST requirements, focusing on:

Comprehensive Analysis: Documentation review, interviews, inventory gathering, evidence, and sampling requests.

Maturity Level Identification: Identifies gaps in policy, procedure, and implementation maturity levels where scores fall below 100%.

Assessment Outputs: Provides a gap analysis workbook detailing in-scope requirements and the gaps identified, and a HITRUST executive gap analysis report with summary information such as which domains are at high risk of not achieving the scores required for certification if remediation does not occur.

A gap analysis that includes an assessment of policy and procedure documentation reveals shortcomings in the documentation required for certification, in addition to the implementation gaps.

Remediate Gaps

Organizations’ needs for remediation and support differ significantly, and Coalfire’s role is to guide and assist your team through all phases of the HITRUST process. For a successful HITRUST validated assessment leading to certification, we advise enlisting our HITRUST subject matter experts to review and assist in determining remediation plans for any gaps from the initial analysis, helping to ensure robust control implementation. This foundation is crucial for aligning your organization's policies, procedures, and controls with HITRUST standards and achieving certification readiness. 

HITRUST AI Risk Management Assessment

The HITRUST AI Risk Management Assessment ensures that governance associated with implementing AI solutions is in place and can be effectively communicated by companies to management teams, boards of directors, and others. The HITRUST AI Risk Management Assessment is fully supported by a complete assessment approach, SaaS platform, and ecosystem that AI-adopting companies can use to demonstrate that AI risk management outcomes are met. The offering provides an essential toolkit for benchmarking and reporting on the AI risk management efforts for any organization using or deploying AI-based technologies such as ML and LLMs.

HITRUST and coordinated assessments

Leveraging our expertise across many frameworks and Compliance Essentials, we can examine and report on controls with HITRUST and other frameworks to reduce audit fatigue and provide a combined report. 

In addition, Coalfire is a partner with HITRUST and StateRAMP for pilot testing.

Experienced external assessor with technology expertise to help achieve seamless compliance

People + Tech

Coalfire has been an external assessor firm for over 13 years and is the preferred HITRUST assessor for the top 5 cloud service providers. We deliver hundreds of engagements annually. 

13 Years of experience as an external assessor firm

95% Client retention rate from our engagements

People

Our HITRUST certified experts serve on the HITRUST External Assessors Council. They maintain a strong relationship with HITRUST Alliance and regularly participate in the annual HITRUST conference. 

Platform

We can help you coordinate assessments across more than 75 compliance frameworks using our Compliance Essentials compliance automation platform.

Outcome

Simplify and accelerate health care compliance by working with an experienced team and utilizing technology expertise.  

Frequently asked questions