Our Certified HITRUST CSF Practitioners thoroughly advise your team in identifying the appropriate administrative details and factors that will be used to create your organization’s HITRUST Self-Assessment. The collaboration in this initial scoping exercise ensures alignment with the business justification for the assessment and the expectations of the HITRUST Alliance.
It is also one of the most critical activities in our engagement as it identifies the number of control requirements you will need to comply with in order to become HITRUST Certified.
Next, the Intraprse Health team will guide your organization through its HITRUST Self-Assessment. Upon completion of the Self-Assessment, a list of Action Items for all 19 domains of the HITRUST CSF will be provided to improve overall compliance. The Action Items will include remediation suggestions, such as revisions to your organization’s specific responses as well as revisions to policy and process documentation.
During the remediation phase, your organization will be responsible for addressing the Action Items provided. Intraprise Health’s security experts will continue to meet with your organization’s primary point of contact on a recurring basis to identify remediation progress. When all Action Items have been addressed, Intraprise Health will perform an Adoption Review in preparation for the Validated Assessment.
Finally, Intraprise Health’s security team will perform an assessment of the completed Self-Assessment to validate compliance with the HITRUST CSF. We follow a rigid testing plan comprised of three elements for each requirement: the response, the score and the evidence. Once completed, Intraprise Health will submit the assessment to HITRUST via the MyCSF portal. Intraprise Health acts as the liaison with HITRUST throughout the entire submission and certification process.