HITRUST compliance

A tailored HITRUST CSF implementation plan that fits your organization's structure and culture.

Contact our risk team

Demonstrating adherence to multiple security frameworks

If you are looking to streamline risk compliance efforts, you are in good company. More and more organizations are adopting the HITRUST Common Security Framework as it encompasses multiple security and privacy frameworks, as well as regulatory requirements, under one umbrella. The movement to adopt HITRUST is quickly expanding as many insurance payers, hospitals and health systems require their vendors to achieve HITRUST CSF certification as part of their third-party risk management efforts.

Developing a successful HITRUST plan

HITRUST CSF adoption has rapidly become a standard requirement within the greater health care ecosystem. With the rise of cybersecurity awareness and the management of third-party business risk, organizations are increasingly requiring formal assurances that sufficient information protection programs are implemented.

Comprehensive services to help meet HITRUST guidelines

RSM US LLP is a public accounting firm, allowing our advisors to express an opinion in a System and Organization Controls (SOC) 2 report, as well as conduct a HITRUST CSF validated assessment for certification, allowing for a SOC 2 + HITRUST report.

Deep HITRUST CSF experience and knowledge

When you need outside assistance, it is important to choose the right advisor. RSM understands the issues you face and will work with you to tailor a HITRUST CSF implementation plan that fits your organization's structure and culture.

Experience the power of being understood by working with RSM. Contact us about our HITRUST CSF services today.

RSM helps our clients with the interpretation of the ever-changing HITRUST software, framework and requirements with the following suite of services:

: RSM can complete a HITRUST readiness assessment on behalf of your organization. We initiate an in-depth review and analysis of policies, procedures and documentation, interview staff and test existing processes and controls in order to fully populate the MyCSF tool and assign a maturity score to each requirement statement.

: RSM can assist management in implementing the HITRUST CSF as the organization security framework. Adopting this framework can be achieved without subscribing to HITRUST or pursuing certification.

: RSM can complete an interim assessment as required by the HITRUST Alliance at the end of the first year of the two-year HITRUST CSF certification period.

: By utilizing the HITRUST CSF, the HITRUST Alliance now offers a NIST CSF certification. RSM can complete the procedures needed to certify your adoption of the NIST CSF within the HITRUST web-based application.

: Often referred to as a gap assessment. RSM determines how ready your organization is to adopt the HITRUST CSF. This evaluation includes interviewing key stakeholders and reviewing select processes to evaluate the security posture of your organization.

: We work with your organization to plan and guide a reasonable path to the adoption of the HITRUST CSF within your organization. This relationship includes strategic planning and education, executive presentations and budgeting, project management, road map development, continual compliance checks, remediation assistance, policy development and readiness assessment assistance.

: As your certified external assessor firm, RSM can complete an accurate, thorough and efficient measurement of controls and requirement statements in relation to the HITRUST CSF, and manage the HITRUST Alliance quality assurance process to obtain certification as applicable.

Recent insights from our cybersecurity professionals

See all risk, fraud and cybersecurity insights

Additional insights and solutions to achieve your organization’s goals

More services and insights to help your organization succeed

Contact our risk, fraud and cybersecurity professionals

Complete this form and an RSM representative will be in touch shortly.

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights to help your organization manage risk.

THE POWER OF BEING UNDERSTOOD

AUDIT | TAX | CONSULTING

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.

Featured topics

Real Economy publications

Platform user insights and resources

About us

Experience RSM

Spotlight on culture

Work with us