HITRUST
Demonstrate your commitment to compliance and provide confidence to your customers with HITRUST certification.
A-LIGN knows HITRUST certification better than anyone. As one of the top HITRUST assessors in the world, we’ve helped more than one hundred clients successfully achieve HITRUST certification.
We can help you during any part of your HITRUST journey.
Proper planning = HITRUST success
The HITRUST CSF is a comprehensive, flexible, and certifiable security framework used by organizations across multiple industries to efficiently approach regulatory compliance and risk management.
By pulling from major pre-existing frameworks and working with organizations to better understand their needs, HITRUST provides a complete, certifiable security and privacy standard. This standard gives customers confidence that their data and confidential information are secure.
The benefits of HITRUST Certification:
- Satisfies regulatory requirements mandated by third-party organizations and laws
- Accelerates your revenue and market growth by differentiating your business from the competition
- Saves time and money by leveraging a solid and scalable framework that includes multiple regulatory standards
Your dedicated resource for HITRUST AI services
As AI adoption accelerates, the need for responsible governance and risk management becomes crucial. HITRUST’s AI Risk Management Assessment and AI Cybersecurity Assessment provide structured approaches to evaluate and manage AI-related risks, ensuring secure, transparent, and ethical AI practices for organizations across all sectors – not just healthcare.
HITRUST services
Readiness assessment
We examine your organization’s environment and the flow of data between in-scope systems, identify control gaps, and provide recommendations for remediation.
Validated 1-Year (e1) Assessment
The e1 is the cybersecurity essentials assessment with 44 control requirements and is meant for low-risk organizations that want to ensure they are maintaining good cybersecurity hygiene.
Implemented 1-Year (i1) Assessment
The i1 Assessment is suitable for moderate assurance and results in a 1-year certification if requirements are met. There are 219 static controls in an i1 Assessment and only the Implemented maturity is tested. Once your assessment has been submitted to MyCSF, we will review, validate and submit the assessment to HITRUST for approval.
Risk-Based 2-Year (r2) Assessment
This validated assessment focuses on a comprehensive risk-based specification of controls with a very rigorous approach to evaluation, suitable for high assurance requirements. A minimum of three of five maturities must be addressed during the r2 Assessment: Policy, Process, and Implemented. This certification is issued for two years, with an Interim Assessment required at the one-year anniversary of the certification. Similar to the i1 Assessment, we will review and validate your assessment scores and will submit your final assessment to HITRUST for approval.
Interim assessment testing
If an r2 assessment was completed, we will test a subset of requirements, including 19 controls from the prior r2 assessment, and determine the progress of any Corrective Action Plans. This confirms the ongoing effectiveness of those controls and lets us identify and document any scope changes that may impact your HITRUST certification.
HITRUST risk & advisory services
The A-LIGN Advisory Team will review your company’s policy and procedure documents and evaluate them against the HITRUST CSF standard. We will share any gaps identified and will remediate those gaps by updating and documenting the policies and procedures accordingly to meet the HITRUST CSF specifications. If your company needs policies and procedures created, we can design and document those appropriately after performing interviews to understand the control environment. We can also assist in documenting non-technical controls such as Risk Assessment, Incident Response, Disaster Recovery, and more.
HITRUST AI cybersecurity assessment
This assessment helps organizations manage AI-related cybersecurity risks and integrates with HITRUST e1, i1, and r2 assessments via the “Cybersecurity for AI Systems” compliance factor in MyCSF. Based on ISO/IEC 23894:2023 and the NIST AI Risk Management Framework, it includes 51 controls for AI governance.
The assessment provides a report with strengths and improvement areas, adaptable for various AI stages, supporting self-assessment or HITRUST validation. A-LIGN offers readiness assessments and certification submissions to HITRUST.
HITRUST AI risk management assessment
This assessment provides a structured approach to managing AI-related risks, supporting responsible AI governance. The HITRUST AI Cybersecurity Assessment includes tailored controls for AI challenges, based on multiple authoritative sources, and allows control inheritance from AI solution providers.
Why A-LIGN
A-LIGN uniquely delivers a single-provider approach as a HITRUST CSF Assessor firm, Qualified Security Assessor Company, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, accredited FedRAMP 3PAO and licensed CPA firm.
FEATURED CASE STUDY
HealthBridge Boosts Compliance Program with HITRUST Certification
If you’re going to serve patients and healthcare providers, they need to trust that their data is safe. HealthBridge, a healthcare payments organization based in Grand Rapids, Michigan, is steadfast in its commitment to protecting the confidentiality, integrity, and availability of sensitive data. To maintain the highest security and privacy standards in its operations, HealthBridge decided to pursue HITRUST r2 Certification with A-LIGN.
Get started with A-LIGN
Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.