HITRUST Certification

OUR GOAL:
To guide customers through a facilitated, rigorous, and proven approach towards the goal of achieving compliance with the HITRUST CSF.

More than a service provider – we’re a long-term partner.

Tenure and Success Matter 

From its very beginning, Intraprise Health has been committed to becoming the leading HITRUST Assessor in the country and invested our resources to achieve this goal. 

In 2011, Intraprise Health became thefirst 100% healthcare-focused HITRUST Certified Assessor. Over the past nine years, we have worked to achieve HITRUST Certifications for a broad range of Business Associates (i.e. healthcare vendors)Health Systems, Payers and Health Information Exchanges.  

We have honed our approach and methodology to develop industry-leading expertise on CSF adoption and certificationIt is important to note that the difference between HITRUST and other frameworks is that achieving compliance is fundamentally an adoption, or consultative, exercise versus a point-in-time audit because it is the HITRUST Alliance not the Assessor that judges and grants the actual certification. We have designed our program and delivery of services from this foundational understanding which has resulted in our industry-leading track record of successful first-time certification submissions. 

HITRUST Leadership 

Out of almost 100 HITRUST Assessors, Intraprise Health is one of the very few Assessor firms to be awarded two (2) member seats on the national HITRUST Assessor Council. We are also one of five (5) Assessors to be chosen by HITRUST for a seat on the even more select Quality Assurance subcommittee. Assessors are chosen to be on the Quality Assurance subcommittee by HITRUST based upon the quality of their HITRUST submissions.

Our Certified Practitioner consultants are team of “HITRUST-ninjas”, and often work directly with the HITRUST Alliance to enhance the CSF including setting quality standards for the HITRUST CSF Assurance Program and Methodology. 

This type of recognition from the HITRUST Alliance is a manifestation of our combined experience, depth and proven excellence through our work with clients of all types, sizes and complexity seeking to become HITRUST Certified.   

Contact us for a complimentary scoping session. Learn the number of estimated controls your organization could have to adopt.

OUR PROCESS

Scoping

Following Kick-Off meeting, a secure collaboration site will be launched followed by procurement of a subscription to the HITRUST Alliance’s MyCSF Portal (*subscription purchased directly through HITRUST). Next, our team of HITRUST Certified Practitioners work with you to complete the Administrative Details and Factors questionnaire.  The purpose of this questionnaire is to ensure alignment with business objectives and be prepared to answer the scoping questions that will be presented in the MyCSF portal. This is a critical phase pf the process as it establishes the foundation for the remainder of the process and identifies the number of control requirements you will need to comply with in order to become HITRUST Certified. 

Assessment

After we have scoped your certification “object” and the number of applicable security controls, the Intraprise Health team will guide your organization through the HITRUST Self-Assessment. Upon completion of the Self-Assessment, a list of Action Items for all 19 domains of the HITRUST CSF will be provided resulting in a comprehensive plan of action to improve overall compliance towards your HITRUST Certification. The Action Items will include remediation suggestions, such as revisions to your organization’s specific responses as well as revisions to policy and process documentation. Our team will also provide certain tools which we have developed over the last 10 years to assist your team to perform its work through the following phases. 

 

Remediation

During the remediation phase, your organization will be responsible for addressing the Action Items provided in the work plan utilizing Domain Workbooks and tools provided to your team. But know that Intraprise Health leverages its depth, knowledge and expertise as one of the longest tenured HITRUST Assessors to deliver a consultative not an “auditor” approach to facilitate your progress through this phase. Intraprise Health’s HITRUST Practitioners will continue to meet with your organization’s primary point of contact on a recurring basis to identify remediation progress and assess readiness. When all Action Items have been addressed, Intraprise Health will perform an Adoption Review in preparation for the Validated Assessment. 

 *Customers looking for additional remediation assistance can engage directly with our Information Security Management Program (ISMP) team of consultants. 

Validation

As the first part of the final phase of the Certification journey, Intraprise Health will perform an Adoption Review which is our proprietary methodology to assess your readiness for certification submission to the HITRUST Alliance. This serves as a critical check-point so all are collectively prepared to submit with a high degree of confidence. Finally, Intraprise Health’s security team will perform a rigorous assessment of the completed assessment and remediation progress along with supporting evidence of implemented controls to validate HITRUST CSF compliance utilizing a proven rubric formulaFinallyIntraprise Health will package and submit the assessment to HITRUST via their MyCSF portal. Intraprise Health acts as the liaison with HTRUST throughout the entire submission and certification process.

CERTIFICATION MAINTENANCE

Interim Assessment

Maintaining your HITRUST Certification is an ongoing endeavor. A HITRUST Interim Assessment is due 12 months from the initial HITRUST Certification anniversary date. The Interim Assessment is a representation that a Qualified CSF Assessor (i.e., Intraprise Health) has performed an objective security assessment to evaluate whether you continue to demonstrate sustained compliance with the HITRUST CSF. 

Re-Certification

A HITRUST Validated Assessment for Re-Certification is due 24 months from the initial HITRUST Certification anniversary date. The Re-Certification is based on the then current version of the HITRUST CSF and follows a very similar process as the original certification. To ensure the meaningful adoption of the HITRUST CSF and to allow for strict adherence to the requirements of the HITRUST CSF Assurance Program, Intraprise Health structures our HITRUST Certification and Re-Certification engagements around the same four phases.  

 

For more information and details about the Interim, Re-Certification or Certification Maintenance programs please contact us. 

100

Healthcare focused

9

as HITRUST CSF Assessor

2009

Began providing healthcare Security, Privacy and Compliance services

Additional Resources