HITRUST CSF Assessment

HITRUST CSF reduces the costs and time associated with assessing compliance against multiple regulatory and security frameworks.

Failure to safeguard protected health information could lead to significant fines as well as civil monetary penalties. Developed to address the growing regulatory, privacy and security challenges health care organizations face, the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) provides a structure of controls and guidelines to help institutions protect their data, meet compliance demands and mitigate the serious financial and reputational risks.

HITRUST CSF certification is rapidly becoming a baseline requirement for business associates as covered entities require assurances of sufficient information protection. RSM is a designated HITRUST CSF assessor and is certified to help organizations that create, access, store or exchange protected health information.

RSM’s HITRUST CSF consultants have extensive experience evaluating organizational processes to help ensure they are compliant. Our teams also advise on how to improve controls. Our assessment services include:

  • Strategic advisor services: We help you evaluate your compliance requirements with security frameworks to develop an implementation and testing strategy and approach that include HITRUST and other requirements.
  • Readiness review: We determine how ready your organization is to adopt HITRUST CSF, including reviewing documentation, interviewing managers and making general observations.
  • Self-assessment: We initiate an in-depth review and analysis of policies, procedures and documentation; interviews with staff; and testing of existing processes and controls.
  • Validated assessment: We perform an accurate, thorough and efficient measurement of controls and processes in relation to the HITRUST CSF, obtaining certification as applicable.
  • System and organization controls (SOC) and HITRUST guidance: Through the collaboration of the American Institute of Certified Public Accountants with HITRUST, we can combine our efforts and leverage HITRUST CSF controls in SOC 2 attestations to streamline the audit and assessment process, and we can express an opinion on SOC 2 controls within the same HITRUST validated assessment report.