
HITRUST Certification

The HITRUST Common Security Framework (CSF) is a certifiable framework that integrates and harmonizes multiple regulatory requirements, standards, and best practices for information security and data protection into a single set of controls. Developed by the Health Information Trust Alliance (HITRUST), it was created to protect sensitive data in heavily regulated industries such as healthcare.

An organization obtains HITRUST certification through a third-party assessment, performed by a HITRUST Authorized External Assessor firm, that confirms the organization's controls conform to the CSF. HITRUST offers two certification options: the Implemented, 1-Year (i1) Validated Assessment and the Risk-Based, 2-Year (r2) Validated Assessment.

Organizations seeking certification must decide which path to pursue. The r2 Validated Assessment is the more demanding of the two, since its control requirements are tailored to the organization's risk profile, whereas the i1 uses a fixed set of requirements. A HITRUST Readiness Assessment is recommended to prepare for either the i1 or the r2 Validated Assessment.

Follow these steps to be certified:

  • Download the HITRUST CSF framework, which HITRUST makes available at no cost, to identify the security and privacy controls that apply to your organization.
  • Perform a HITRUST Readiness Assessment to establish your organization's risk profile and produce a list of control gaps. This is the point at which you engage a HITRUST Authorized External Assessor firm.
  • Use the HITRUST MyCSF platform to scope and prepare the i1 or r2 assessment and to remediate the gaps found, so that the organization is ready for the Validated Assessment and the assessor's findings accurately reflect its risk and compliance posture.
  • Receive HITRUST Certification after passing the Validated Assessment; certification is issued only once HITRUST's Assurance and Compliance teams have reviewed and accepted the assessor's results.
  • Maintain the certification. An r2 certification is valid for two years and requires an interim assessment at the one-year mark; an i1 certification is valid for one year and has no interim assessment, so it must be reassessed annually.
