HITRUST compliance services

Demonstrating adherence to multiple security frameworks

If you are looking to streamline risk compliance efforts, you are in good company. More and more organizations are adopting the HITRUST Common Security Framework as it encompasses multiple security and privacy frameworks, as well as regulatory requirements, under one umbrella. The movement to adopt HITRUST is quickly expanding as many insurance payers, hospitals and health systems require their vendors to achieve HITRUST CSF certification as part of their third-party risk management efforts.

Developing a successful HITRUST plan 

HITRUST CSF adoption has rapidly become a standard requirement within the greater health care ecosystem. With the rise of cybersecurity awareness and the management of third-party business risk, organizations are increasingly requiring formal assurances that sufficient information protection programs are implemented.

Comprehensive services to help meet HITRUST guidelines

RSM helps our clients with the interpretation of the ever-changing HITRUST software, framework and requirements with the following suite of services:

  • Strategic advising: We work with your organization to plan and guide a reasonable path to the adoption of the HITRUST CSF within your organization. This relationship includes strategic planning and education, executive presentations and budgeting, project management, road map development, continual compliance checks, remediation assistance, policy development and readiness assessment assistance. 
  • Rapid Assessment®: Often referred to as a gap assessment, this evaluation determines how ready your organization is to adopt the HITRUST CSF. It includes interviewing key stakeholders and reviewing select processes to evaluate the security posture of your organization.
  • Facilitated readiness assessment: RSM can complete a HITRUST readiness assessment on behalf of your organization. We initiate an in-depth review and analysis of policies, procedures and documentation, interview staff and test existing processes and controls in order to fully populate the MyCSF tool and assign a maturity score to each requirement statement. 
  • Validated assessment: As your certified external assessor firm, RSM can complete an accurate, thorough and efficient measurement of controls and requirement statements in relation to the HITRUST CSF, and manage the HITRUST Alliance quality assurance process to obtain certification as applicable.
  • Interim assessment: RSM can complete an interim assessment as required by the HITRUST Alliance at the end of the first year of the two-year HITRUST CSF certification period.
  • NIST Cybersecurity Framework Certification: By utilizing the HITRUST CSF, the HITRUST Alliance now offers a NIST CSF certification. RSM can complete the procedures needed to certify your adoption of the NIST CSF within the HITRUST web-based application.
  • HITRUST framework adoption: RSM can assist management in implementing the HITRUST CSF as the organization's security framework. Adopting this framework can be achieved without subscribing to HITRUST or pursuing certification.

RSM US LLP is a public accounting firm, so our advisors can express an opinion in a System and Organization Controls (SOC) 2 report as well as conduct a HITRUST CSF validated assessment for certification, which allows for a SOC 2 + HITRUST report.

Deep HITRUST CSF experience and knowledge

When you need outside assistance, it is important to choose the right advisor. RSM understands the issues you face and will work with you to tailor a HITRUST CSF implementation plan that fits your organization's structure and culture.

Experience the power of being understood by working with RSM. Contact us about our HITRUST CSF services today.