Defining HITRUST CSF Compliance

by Sarah Harvey / June 29th, 2017

Why Do You Need a HITRUST CSF Certification?

Have you just received “the letter” from a top client indicating you must become HITRUST CSF Certified within “X” months? Did your boss just ask you for a project timeline on how long it would take to become HITRUST CSF Certified? Do you need to know how to become HITRUST CSF Certified in order to stay competitive in the healthcare market? Are you looking for a way to demonstrate compliance with the HIPAA Security Rule? Are you a business associate in the healthcare industry that keeps hearing about HITRUST CSF, but you’re not sure what it is or what it means to be compliant? If any of these apply to you, then this is the webinar for you! Download the full webinar to hear Jessie Skibbe’s expertise on HITRUST CSF requirements.


HITRUST is a not-for-profit organization founded in 2007, “born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.” HITRUST partners with public and private healthcare technology, privacy, and information security leaders. HITRUST develops, maintains, and provides broad access to its common risk and compliance management frameworks.


The HITRUST CSF is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. The framework was developed to provide a solution to increasing regulatory scrutiny, increasing risk and liability associated with data breaches, inconsistent implementation of minimum controls, and the rapidly changing business, technology, and regulatory environment. It is a healthcare industry standard that was built from what works within other standards and authoritative sources, like ISO 27001/27002, HIPAA, PCI DSS, and NIST 800-53, just to name a few. It was also built on risk management principles. It aligns with existing, related controls and requirements. It’s scalable depending on organizational, system, and regulatory factors.

How do you get started?

  1. Familiarize yourself with the HITRUST CSF
  2. Select the assessment type and report option that is right for your organization
  3. Put together a project plan and assemble a team
  4. Contact HITRUST
  5. Engage with an approved HITRUST CSF Assessor who will fit your project plan

Have questions about HITRUST CSF requirements? Contact our team to have them answered. KirkpatrickPrice can assist you with SOC 2, SOC 2 +, SOC 2 + HITRUST CSF Certification, HITRUST CSF Certification, Assisted HITRUST CSF Self-Assessment, Policy and Procedure drafting, guided Risk Analysis, and general guidance/consulting.