CRI’s 4-Step Process

Basics

Understanding the HITRUST process and use of the MyCSF tool is a key aspect of beginning the HITRUST certification process. CRI’s wide range of industry expertise in healthcare, finance, insurance, governmental, and more, coupled with certified HITRUST assessors, creates a winning combination of communication and technical skills to guide you through the HITRUST process.

Preparation

Downloading the latest version of HITRUST CSF will help you familiarize yourself with the requirements and consider areas you may need to create or update controls. By reviewing the testing requirements and considering the maturity level of your current controls, you will prepare yourself to complete an accurate self-assessment.

Self-Assesment

A key step in your HITRUST certification process is completing a self-assessment to help understand any gaps you may have in the HITRUST certification requirements. CRI will review your self-assessment and provide recommendations for remediation strategies.

Certification

With CRI as your trusted assessor, we will assist you in purchasing a validated assessment from HITRUST. After you complete the validated assessment using the MyCSF tool, CRI will be able to perform the validation and audit work necessary to take the next steps. Following the completion of this process, you will submit your processes to HITRUST for review. HITRUST will create a report and, depending on the scores in the report, will issue a letter of certification.

Top 3 Reasons to Consider a HITRUST CSF Assessor

Protect your customer’s private and confidential data

Maintain compliance

Save time, money, and headaches

HITRUST now offers more! Healthcare providers are able to verify that their organization has met all of the industry-defined certification requirements of the HITRUST CSF. With HITRUST CSF, organizations are able to demonstrate ‘compliance’ with NIST—a fact that was recognized recently in a 2018 Government Accountability Office (GAO) Report to Congressional Committees on Critical Infrastructure Protection. Not only does NIST support the development of third-party certification programs but HITRUST now has a program certifying an organization’s implementation of the Framework. Integrating the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) into the HITRUST CSF enables the financial industry to leverage the framework to achieve better cybersecurity resilience and protection. The Requirements for Financial Services Companies affect not only financial institutions but also healthcare organizations such as health insurers and their business associates. Incorporation of the EU General Data Protection Regulation (GDPR) is part of HITRUST’s initiative towards internationalization of the CSF and increased support for global organizational privacy programs. The updated framework allows organizations to easily manage and report on the controls intended to address GDPR requirements.

Industries We Serve

Ask a Question

CRInsights

HITRUST Brochure