Increasing data breaches, the sophistication and proliferation of cyber attacks, and continually expanding regulatory requirements have driven healthcare organizations to look for more formal mechanisms to validate information security controls across the enterprise. Since 2009, we have worked with our customers to implement cybersecurity frameworks such as NIST SP 800-53 and the HITRUST Common Security Framework (CSF).
As one of the first Certified HITRUST Assessors, we are 100% focused on healthcare. We offer the full lifecycle of HITRUST certification services delivered through a consistent, proven methodology refined by our depth, experience and industry leading track-record of successful certifications.
Our security framework assessment and adoption services, whether NIST or HITRUST, help our customers advance the maturity and effectiveness of their security programs to guard against internal and external threats–including those introduced by relationships with third parties and the proliferation of non-secure medical devices.
Our Certified HITRUST CSF Practitioners thoroughly advise your team in identifying the appropriate administrative details and factors that will be used to create your organization’s HITRUST Self-Assessment. The collaboration in this initial scoping exercise ensures alignment with the business justification for the assessment and the expectations of the HITRUST Alliance.
It is also one of the most critical activities in our engagement as it identifies the number of control requirements you will need to comply with in order to become HITRUST Certified.
Next, the Intraprise Health team will guide your organization through its HITRUST Self-Assessment. Upon completion of the Self-Assessment, a list of Action Items for all 19 domains of the HITRUST CSF will be provided to improve overall compliance. The Action Items will include remediation suggestions, such as revisions to your organization’s specific responses as well as revisions to policy and process documentation.
During the remediation phase, your organization will be responsible for addressing the Action Items provided. Intraprise Health’s security experts will continue to meet with your organization’s primary point of contact on a recurring basis to identify remediation progress. When all Action Items have been addressed, Intraprise Health will perform an Adoption Review in preparation for the Validated Assessment.
Finally, Intraprise Health’s security team will perform an assessment of the completed Self-Assessment to validate compliance with the HITRUST CSF. We follow a rigid testing plan comprised of three elements for each requirement: the response, the score and the evidence. Once completed, Intraprise Health will submit the assessment to HITRUST via the MyCSF portal. Intraprise Health acts as the liaison with HITRUST throughout the entire submission and certification process.