HITRUST r2 Validated Assessments | Fixed Fees

fixed-fee HITRUST Risk-Based, 2-Year (r2) Validated Assessments for healthcare organizations all throughout North America

HITRUST Risk-Based (r2) Validated Assessments for Healthcare Organizations

NDB offers comprehensive HITRUST Risk-Based, 2-Year (r2) Validated Assessments for healthcare organizations all throughout North America. As a proven provider of HITRUST services, NDB can assist with all facets of HITRUST compliance and certification, beginning with a scoping & readiness assessment by expert auditors, developing policies and procedures, and much more. Contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

Request a Consultation

Fixed Fees for HITRUST Compliance & Certification

NDB has spent years working in the broader healthcare industry, beginning with HIPAA compliance almost 15 years ago. Along the way, we’ve built a proven, efficient, quality-first healthcare practice that keeps costs down in today’s world of growing regulatory compliance expenses. Because of this, we can offer our HITRUST services as fixed-fees. Contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

6 Phases of HITRUST Compliance & Certification Healthcare Entities

Phase I – Find an Approved HITRUST Assessor
Phase II – Perform a HITRUST Scoping & Readiness Assessment
Phase III – Perform Documentation Remediation (Policies and Procedures)
Phase IV – Perform Operational Remediation
Phase V – Completion of HITRUST Risk-Based, 2-Year (r2) Validated Assessment
Phase VI – Monitoring of Controls for Continued HITRUST Compliance

Phase I – Find an Approved HITRUST Assessor

There are without question a number of well-qualified HITRUST assessors, but what makes us different is our expertise in the healthcare arena:

Some questions to ask when considering a HITRUST provider:

Does the assessor have the available skills and resources to complete all phases for you, beginning with a Scoping & Readiness Assessment to generate a HITRUST Risk-Based, 2-Year (r2) Validated Assessment report to submit to HITRUST? You want to have the same team in place from beginning to end.
Does the assessor offer complimentary services for helping with HITRUST compliance – such as policies and procedures writing, etc.?
Does the assessor have a proven track record of performing HITRUST engagements?

Phase II – Perform a HITRUST Scoping & Readiness Assessment

It’s critically important to begin your HITRUST r2 validation process with an actual scoping & readiness assessment, and for some very practical reasons. First and foremost, you need to identify what the business process is that’s to be covered, and then you’ll want to identify gaps and other issues that require remediation.

What controls are actually in scope for HITRUST compliance? Remember, it’s not a one-size fits all approach as each company undergoing HITRUST compliance will need to determine which controls are in fact in scope.

Phase III – Documentation Remediation (Policies and Procedures)

One of the more time-consuming and arduous processes for becoming compliant with HITRUST is developing the much-needed information security and operational specific policies and procedures that are needed. Documentation can take quite a bit of time to develop, and HITRUST requires a fair amount of it, all the more reason for working with HITRUST auditors who understand the importance of policies and procedures. Questions to ask yourself when considering documentation for HITRUST r2 validation are the following:

Does my organization have an existing set of information security policies and procedures?
What specific documents are needed in terms of the in-scope controls from the HITRUST framework?
Who will author our policies and procedures and where can we obtain policy templates from?

Phase IV– Operational Remediation

Along with developing policies and procedures for HITRUST i1 and r2 validation, compliance and certification, there are also a number of operational measures that healthcare organizations will need to undertake. Examples included, but are not limited to, the following: Performing a risk assessment, undertaking annual security awareness training, testing your incident response plan, and more. NDB has years of experience helping healthcare companies put in place many of the required HITRUST measures so contact us today to learn more. Contact us today at 1-800-277-5415, ext. 705 to speak with our HITRUST experts regarding i1 and r2 validation.

Phase V – Completion of CSF and Certification Process

Earning HITRUST certification requires organizations to upload and provide comprehensive evidence to the CSF portal. This material is reviewed by an actual HITRUST assessor, then HITRUST themselves oversees the entire certification process. It’s a process that does take time, so keep this in mind.

Phase VI – Monitoring of Controls for Continued HITRUST Compliance

Becoming HITRUST compliance is a landmark achievement for many healthcare organizations – no question about it – however, such controls will need to be regularly monitored and inspected for ensuring full compliance moving forward. NDB can assist in building such a program, so contact us today to learn more about our HITRUST continuous monitoring efforts, along with other HITRUST compliance and certification services.

North America’s Leading Provider of HITRUST Services

Looking for a proven, well-known, and high-quality provider of HITRUST Risk-Based, 2-Year (r2) Validated Assessment services from an Atlanta, Georgia based compliance firm? If so, get to know NDB, North America’s leading provider of a wide-range of regulatory compliance services, such as SOC 1 and SOC 2 audits, PCI DSS assessments, along with HITRUST compliance and certification services for organizations located all throughout the country. Contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.