HITRUST

Demonstrate your commitment to compliance and provide confidence to your customers with HITRUST certification. 

A-LIGN knows HITRUST certification better than anyone. As one of the top HITRUST assessors in the world, we’ve helped more than one hundred clients successfully achieve HITRUST certification.  

We can help you during any part of your HITRUST journey.  

fedramp certified

Proper planning = HITRUST success

The HITRUST CSF is a comprehensive, flexible, and certifiable security framework used by organizations across multiple industries to efficiently approach regulatory compliance and risk management.

By pulling from major pre-existing frameworks and working with organizations to better understand their needs, HITRUST provides a complete, certifiable security and privacy standard. This standard gives customers confidence that their data and confidential information is secure.

The benefits of HITRUST Certification:

  • Satisfies regulatory requirements mandated by third-party organizations and laws 
  • Accelerates your revenue and market growth by differentiating your business from the competition
  • Saves time and money by leveraging a solid and scalable framework that includes multiple regulatory standards 

HITRUST services

Readiness assessment
e1 Assessment
i1 Assessment
r2 Assessment
Interim assessment testing
HITRUST risk & advisory services

Readiness assessment

We examine your organization’s environment and flow of data between systems that are in-scope, identify gaps for control, and provide recommendations for remediation.

Validated 1-Year (e1) Assessment

The e1 is the cybersecurity essentials assessment with 44 control requirements and is meant for low-risk organizations that want to ensure they are maintaining good cybersecurity hygiene.

Implemented 1-Year (i1) Assessment

The i1 Assessment is suitable for moderate assurance and results in a 1-year certification if requirements are met. There are 219 static controls in an i1 Assessment and only the Implemented maturity is tested. Once your assessment has been submitted to myCSF, we will review, validate and submit the assessment to HITRUST for approval.

 

Risk-Based 2-Year (r2) Assessment

This validated assessment focuses on a comprehensive risk-based specification of controls with a very rigorous approach to evaluation, suitable for high assurance requirements. A minimum of three of five maturities must be addressed during the r2 Assessment, Policy, Process, and Implemented. This certification is issued for two years with an Interim Assessment required during the one-year anniversary of the certification. Similar to the i1 Assessment, we will review and validate your assessment scores and will submit your final assessment to HITRUST for approval.

Interim assessment testing

If an r2 assessment was completed we will test a subset of requirements including 19 controls from the prior r2 assessment and determine the progress of any Corrective Action Plans. This ensures the ongoing effectiveness of those controls to identify and document any scope changes that may impact your HITRUST certification.

HITRUST risk & advisory services

The A-LIGN Advisory Team will review your company’s policy and procedure documents and evaluate them against the HITRUST CSF standard. We will share any gaps identified and will remediate those gaps by updating and documenting the policies and procedures accordingly to meet the HITRUST CSF specifications. If your company needs policies and procedures created, we can design and document those appropriately after performing interviews to understand the control environment. We can also assist in documenting non-technical controls such as Risk Assessment, Incident Response, Disaster Recovery, and more.

Why A-LIGN

500+ HITRUST assessments
900+ HIPAA assessments
300+ HITRUST clients
certified

Achieving HITRUST Certification as quickly and efficiently as possible at a minimal cost was really key for us.”

Jason Wheeler

VP of Cyber and Network Security at HealthBridge

Working with A-LIGN is a partnership. You’re not my vendor. You’re not somebody I tell what to do or you tell me what to do. You’re somebody who cares about my business.”

Angela Loehr Merek

VP of Account Services at Welvie

A-LIGN did a phenomenal job and I was incredibly impressed with the auditing process. Their auditors made it easy for us and Solera has become A-LIGN’s biggest fan!”

Bruce Hoffman

Chief Compliance Officer at Solera Health

The A-LIGN team has been awesome. I have recommended A-LIGN more times than I can count.”

James Goff

Head of IT Security at Nuxeo
FEATURED CASE STUDY

HealthBridge Boosts Compliance Program with HITRUST Certification

If you’re going to serve patients and healthcare providers, they need to trust that their data is safe. HealthBridge, a healthcare payments organization based in Grand Rapids, Michigan is steadfast in their commitment to protecting the confidentiality, integrity, and availability of sensitive data. To maintain the highest security and privacy standards in their operations, HealthBridge decided to pursue HITRUST r2 Certification with A-LIGN.

VIEW CASE STUDY
A-LIGN and Healthcare - Case Study
Gradient Map 3 blue

Get started with A-LIGN

Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.