HITRUST is granting organizations the ability to gain a 90-day grace period to demonstrate continuous compliance with its new Bridge Assessment.
COVID-19 has changed the world as we know it. One of the most immediate impacts has been the widespread adoption of work from home policies — organizations including Twitter and Facebook have even made the move to permanently enable remote work. Likewise, when it comes to compliance, most frameworks have suspended or eliminated the requirement for on-site assessments, allowing for remote audits. In fact, HITRUST was one of the first Standard Organizations to do so.
HITRUST announced its new Bridge Assessment/Certificate on April 15, 2020 to help organizations overcome the challenge of maintaining HITRUST CSF Certification due to COVID-19 disruption. Some examples of this disruption include operational and logistical limitations, shifting priorities or discretionary budget cuts. Many organizations are finding it difficult to meet their HITRUST CSF Validated Assessment due dates, which may negatively impact their client relationships or membership in industry initiatives.
In essence, HITRUST is allowing organizations to file a 90-day extension—similar to a tax extension with the IRS. The HITRUST Bridge Assessment is a solution for organizations to demonstrate continuous compliance through effective controls and progress toward their next assessment, without increasing costs or duplicating effort. Organizations have 90 days to create a Bridge Assessment, up to 60 days prior to its existing CSF Certification expiration, or 30 days after, which is valid for 90 days from the expiration date of its previous HITRUST CSF Certification.
According to HITRUST, the Bridge Assessment will randomly select 19 requirement statements to be tested by an authorized external assessor, such as A-LIGN. The most productive benefit of the Bridge Assessment is that whatever 19 requirements are randomly selected will not have to be re-tested during the delayed assessment, which eliminates duplicate work.
A-LIGN understands the value of eliminating duplicate work. Our compliance management platform, A-SCEND, enables organizations to embrace strategic compliance by centralizing evidence collection and standardizing compliance requests, making it possible to consolidate multiple audits at once. A-LIGN streamlines the compliance process, from HITRUST and HIPAA to ISO, SOC and PCI.
Contact A-LIGN today to learn how our team of qualified assessors can help you navigate the HITRUST Bridge Assessment.