HITRUST Assessment Certification

Getting certified is hard. We’ll make sure you’re successful.




On-Time Delivery

HITRUST Assessment Certification

HITRUST is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
Obtaining HITRUST Certification enables organizations to meet the needs of clients, to stay competitive in their market, and to enhance their security posture.

Don’t waste time on an audit that leaves you uncertified.

What if you spend all this time preparing but don’t get your certification?

What if you have to re-do something because your audit wasn’t thorough enough?

What if your audit partner isn’t experienced enough to guide you through the complexities of getting your HITRUST certification?


Work with a partner that gets you certified.

We believe if you are going to pursue a HITRUST certification, it should be worth it.

Quality Testing

Quality Testing

Assurance doesn’t come from a checklist. It requires a diligent examination of your unique environment from trusted cybersecurity experts to know your controls are effective. Be sure your audit gives you the results you deserve.

Interactive Platform

Compliance can’t be put on autopilot. With the Online Audit Manager, onsite visits, and direct communication with a dedicated team of security professionals, your KP audit experience will make sure your audit is worth it.


Experienced Auditors

Confidence comes from experience. Our auditors have been in the industry, in your exact positions, and are passionate about making sure your audit is successful and maybe even fun. And they have a lot of certifications.


Hit Your Deadlines

On-time delivery is a given. Everyone has different deadlines, but our process will make sure you meet yours. When you partner with KirkpatrickPrice, you’ll never have to sacrifice quality because of a deadline


  • What are the different types of HITRUST assessments?

    HITRUST has two types: self-assessment and validated assessment. Choosing what type of HITRUST assessment to do can be a daunting task, especially when an organization is doing this audit for the first time. HITRUST assessment options include:

    SOC 2 Type II with HITRUST Mapping – A SOC 2 Type II with HITRUST CSF mapping is an assessment that came from a collaboration between the AICPA and HITRUST. This assessment culminates in a SOC 2 report that includes a table that maps the selected Trust Services Criteria to HITRUST controls.

    SOC 2 Type II with HITRUST Criteria – A SOC 2 Type II audit can be performed using the HITRUST controls and criteria instead of the Trust Services Criteria. In this case, the organization still receives a SOC 2 report, not HITRUST certification.

    SOC 2 Type II and HITRUST Certification – When a SOC 2 Type II report and HITRUST certification is required, organizations have the ability to combine these two audits into one effort. At the end of the audit process, the organization receives both a SOC 2 Type II audit report and HITRUST validated report.

    HITRUST Self-Assessment – A HITRUST self-assessment is a great way to begin your HITRUST compliance. This option is your own evaluation and attestation of your organization’s compliance, completed in 90 days, and culminating in a report.

    HITRUST Validated Assessment (Certification) – A HITRUST validated assessment is performed by an approved Assessor, like KirkpatrickPrice. Validated assessments include a HITRUST self-assessment in which you answer questions and attest to your compliance, followed by an Assessor validating your controls against what you have said is in place, and HITRUST granting certification.

  • How much does a HITRUST assessment cost?

    Pricing for HITRUST assessments depends on scoping factors, including the number of applicable HITRUST requirement statements, applicable regulatory factors, complexity and size of the physical and technical environment, previous HITRUST history, the assessment type, third parties, number of records held, and if the assessment is combined with any other audits. Pricing will also vary based on the assessment and report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.

  • How long does a HITRUST take to complete?

    The average HITRUST engagement can take anywhere from weeks to months, depending on your level of preparedness and staff’s availability for interviews and control demonstration. To satisfy the requirements for a HITRUST engagement, the auditor must validate scope, perform testing procedures, and document conclusions. These steps require time from the service organization’s management, which can be compressed or extended to meet your timeline needs. You can save time by leveraging the Online Audit Manager to maintain the audit evidence you need for compliance.

  • How long is a HITRUST report valid? How often does a HITRUST assessment need to be performed?

    A HITRUST validated report is valid for two years, but what sets the HITRUST apart from other frameworks is that the audit process isn’t a one-time engagement. It’s a continuous work-in-progress to maintain compliance. Recognizing this, part of the HITRUST certification process includes an interim assessment, a review that takes place exactly a year after the initial HITRUST validated assessment takes place.

Get started today.

At KirkpatrickPrice, you’ll have a partner guide you from audit readiness to final report so you get the assurance you deserve.

Get Ready for your Audit

Whether you’ve never been through an audit or completed hundreds, our experts will prepare and empower you to successfully start and complete your audit. With access to our free learning platform, you can run scans, see what you’re missing, prepare documentation, and get access to experts and resources. Then when you’re ready, you can use the same platform to complete your audit. You don’t need extra tools to do an audit..

Partner with an Expert

Our security experts have been in your shoes and know how overwhelming audits can be. Your dedicated specialist will walk you through the entire process from audit readiness to final report.

Show off your report

Get Certified

The certification process can feel overwhelming, but we make sure it’s worth it. By the end of the process, you will be proud of the work you did and know that it will make a difference in getting your certification.

Get Started with Audit Readiness

Audit Readiness Guide

Starting an audit is overwhelming.

Our Audit Readiness Guide will tell you what you need to know.

You know you need an audit, but don’t know what to expect or how to get started. This guide will prepare you for what will be tested and how to confidently begin your compliance journey.

Get the Guide

Make Sure You’re Ready

Make sure you’re ready to face today’s threats confidently. Sign up to receive expert tips and guidance from our monthly newsletter, The Readiness Report, right in your inbox!

Ready to Start Your Audit?

Wherever you are in your security journey, we’ll meet you there.

We’ve completed audits and security assessments for over 2,000 clients worldwide.

With locations in Atlanta, Bethesda, Chicago, Dallas, Los Angeles, Nashville, New York City, San Francisco, Seattle, and Tampa; KirkpatrickPrice experts are ready to help you achieve your goals.


Corporate Office
4235 Hillsboro Pike
Suite 300
Nashville, TN 37215