HITRUST Services

Many clients serving the Healthcare industry are required by partners, consumers, and other businesses to prove the security around the Protected Health Information (PHI) they receive, store, and use.

In healthcare, HITRUST is the best-in-class certification to highlight an organization’s strategic focus on information security and privacy.

Forvis Mazars offers various HITRUST services to help meet your organization’s needs:

• HITRUST Essentials, 1-year (e1)® Assessment: This Assessment focuses on entry-level assurance for the most critical cybersecurity controls and verifies that cybersecurity protocols are in place.

• HITRUST Implemented, 1-year (i1)® Assessment: This Assessment offers a moderate level of cybersecurity assurance focusing on the most current practices and broad-range active cyberthreats compared to the e1 Assessment.

• HITRUST Readiness Assessment: This Assessment helps evaluate how closely an organization’s control environment aligns with the HITRUST CSF®. We provide Readiness Assessments to support i1 and r2 Assessments. Our HITRUST Readiness Assessment Services help management identify the appropriate HITRUST Assessment for the business and prepare the company for its HITRUST Validation. Our team can provide training, education, samples, and guidance to help management understand the basis of the HITRUST Report® and the expectations when moving into the actual assessment work.

• HITRUST Risk-Based, 2-year (r2)® Assessment: This Assessment results in two reports: the HITRUST CSF Validated Assessment Report and the NIST Cybersecurity Framework Report.

A letter of either Validation or Certification is also issued by HITRUST, based on the Assessment’s scoring.

HITRUST Interim Assessment: This assessment is required to maintain certified reports and must be submitted no later than the one-year anniversary of the original certification.

HITRUST provides industry standardization to evaluate Healthcare organizations and the security of their PHI.

HITRUST implementations can be challenging. Our assessors work closely with you to define a project plan divided into three critical phases: readiness, implementation, and reporting. Establishing a detailed project plan successfully assists organizations in efficiently meeting their compliance objectives.

By dividing the project into manageable phases, stakeholders can address the task at hand while also focusing on and maintaining daily operations. Touchpoints and communication throughout the process give opportunities for stakeholders and our professionals to make sure the project is moving along smoothly.

This offering supports healthcare and other organizations using Amazon Web Services (AWS) to protect sensitive data and strengthen compliance efforts. It is relevant to AWS-hosted environments and services such as Amazon EC2, Amazon S3, Amazon RDS, and AWS networking and security services, helping customers align with HITRUST requirements, improve cybersecurity controls, and demonstrate protection of Protected Health Information (PHI).