HITRUST Assessment Certification
HITRUST is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
Obtaining HITRUST Certification enables organizations to meet the needs of clients, to stay competitive in their market, and to enhance their security posture.
“KirkpatrickPrice has made the audit process more efficient with the tools and partnership mentality that they bring to the table.”
– Director of Security, Compliance, and Technology, Connectria Hosting
Expertise is one of the best things we’ve gotten out of working with KirkpatrickPrice. Their auditors have been helpful in navigating through the audit and beyond. They’ve made themselves available as resources to assess the impact of changes to our controls and infrastructure.
– Security and Compliance Manager, CBOSS
Every time I leave an engagement with the KirkpatrickPrice team, I leave enlightened and it helps our organization mature towards the point we know we should be.
– CISO and VP of Cloud Operations, Health Catalyst
Whether you’ve never been through an audit or completed hundreds, our experts will prepare and empower you to successfully start and complete your audit. With access to our free learning platform, you can run scans, see what you’re missing, prepare documentation, and get access to experts and resources. Then when you’re ready, you can use the same platform to complete your audit. You don’t need extra tools to do an audit..
Our security experts have been in your shoes and know how overwhelming audits can be. Your dedicated specialist will walk you through the entire process from audit readiness to final report.
The certification process can feel overwhelming, but we make sure it’s worth it. By the end of the process, you will be proud of the work you did and know that it will make a difference in getting your certification.
Starting an audit is overwhelming.
Our Audit Readiness Guide will tell you what you need to know.
You know you need an audit, but don’t know what to expect or how to get started. This guide will prepare you for what will be tested and how to confidently begin your compliance journey.
Get the Guide
HITRUST CSF FAQs
What are the different types of HITRUST assessments?
HITRUST has two types: self-assessment and validated assessment. Choosing what type of HITRUST assessment to do can be a daunting task, especially when an organization is doing this audit for the first time. HITRUST assessment options include:
SOC 2 Type II with HITRUST Mapping – A SOC 2 Type II with HITRUST CSF mapping is an assessment that came from a collaboration between the AICPA and HITRUST. This assessment culminates in a SOC 2 report that includes a table that maps the selected Trust Services Criteria to HITRUST controls.
SOC 2 Type II with HITRUST Criteria – A SOC 2 Type II audit can be performed using the HITRUST controls and criteria instead of the Trust Services Criteria. In this case, the organization still receives a SOC 2 report, not HITRUST certification.
SOC 2 Type II and HITRUST Certification – When a SOC 2 Type II report and HITRUST certification is required, organizations have the ability to combine these two audits into one effort. At the end of the audit process, the organization receives both a SOC 2 Type II audit report and HITRUST validated report.
HITRUST Self-Assessment – A HITRUST self-assessment is a great way to begin your HITRUST compliance. This option is your own evaluation and attestation of your organization’s compliance, completed in 90 days, and culminating in a report.
HITRUST Validated Assessment (Certification) – A HITRUST validated assessment is performed by an approved Assessor, like KirkpatrickPrice. Validated assessments include a HITRUST self-assessment in which you answer questions and attest to your compliance, followed by an Assessor validating your controls against what you have said is in place, and HITRUST granting certification.
How much does a HITRUST assessment cost?
Pricing for HITRUST assessments depends on scoping factors, including the number of applicable HITRUST requirement statements, applicable regulatory factors, complexity and size of the physical and technical environment, previous HITRUST history, the assessment type, third parties, number of records held, and if the assessment is combined with any other audits. Pricing will also vary based on the assessment and report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.
How long does a HITRUST take to complete?
The average HITRUST engagement can take anywhere from weeks to months, depending on your level of preparedness and staff’s availability for interviews and control demonstration. To satisfy the requirements for a HITRUST engagement, the auditor must validate scope, perform testing procedures, and document conclusions. These steps require time from the service organization’s management, which can be compressed or extended to meet your timeline needs. You can save time by leveraging the Online Audit Manager to maintain the audit evidence you need for compliance.
How long is a HITRUST report valid? How often does a HITRUST assessment need to be performed?
A HITRUST validated report is valid for two years, but what sets the HITRUST apart from other frameworks is that the audit process isn’t a one-time engagement. It’s a continuous work-in-progress to maintain compliance. Recognizing this, part of the HITRUST certification process includes an interim assessment, a review that takes place exactly a year after the initial HITRUST validated assessment takes place.
Make Sure You’re Ready
Make sure you’re ready to face today’s threats confidently. Sign up to receive expert tips and guidance from our monthly newsletter, The Readiness Report, right in your inbox!
We’ve completed audits and security assessments for over 2,000 clients worldwide.
With locations in Atlanta, Bethesda, Chicago, Dallas, Los Angeles, Nashville, New York City, San Francisco, Seattle, and Tampa; KirkpatrickPrice experts are ready to help you achieve your goals.
4235 Hillsboro Pike
Nashville, TN 37215