HITRUST r2 Validated Assessments | Fixed Fees
HITRUST Risk-Based (r2) Validated Assessments for Healthcare Organizations
Fixed Fees for HITRUST Compliance & Certification
NDB has spent years working in the broader healthcare industry, beginning with HIPAA compliance almost 15 years ago. Along the way, we’ve built a proven, efficient, quality-first healthcare practice that keeps costs down in today’s world of growing regulatory compliance expenses. Because of this, we can offer our HITRUST services as fixed-fees. Contact us today at
6 Phases of HITRUST Compliance & Certification Healthcare Entities
- Phase I – Find an Approved HITRUST Assessor
- Phase II – Perform a HITRUST Scoping & Readiness Assessment
- Phase III – Perform Documentation Remediation (Policies and Procedures)
- Phase IV – Perform Operational Remediation
- Phase V – Completion of HITRUST Risk-Based, 2-Year (r2) Validated Assessment
- Phase VI – Monitoring of Controls for Continued HITRUST Compliance
Phase I – Find an Approved HITRUST Assessor
There are without question a number of well-qualified HITRUST assessors, but what makes us different is our expertise in the healthcare arena:
Some questions to ask when considering a HITRUST provider:
- Does the assessor have the available skills and resources to complete all phases for you, beginning with a Scoping & Readiness Assessment to generate a HITRUST Risk-Based, 2-Year (r2) Validated Assessment report to submit to HITRUST? You want to have the same team in place from beginning to end.
- Does the assessor offer complimentary services for helping with HITRUST compliance – such as policies and procedures writing, etc.?
- Does the assessor have a proven track record of performing HITRUST engagements?
Phase II – Perform a HITRUST Scoping & Readiness Assessment
It’s critically important to begin your HITRUST r2 validation process with an actual scoping & readiness assessment, and for some very practical reasons. First and foremost, you need to identify what the business process is that’s to be covered, and then you’ll want to identify gaps and other issues that require remediation.
What controls are actually in scope for HITRUST compliance? Remember, it’s not a one-size fits all approach as each company undergoing HITRUST compliance will need to determine which controls are in fact in scope.
Phase III – Documentation Remediation (Policies and Procedures)
One of the more time-consuming and arduous processes for becoming compliant with HITRUST is developing the much-needed information security and operational specific policies and procedures that are needed. Documentation can take quite a bit of time to develop, and HITRUST requires a fair amount of it, all the more reason for working with HITRUST auditors who understand the importance of policies and procedures. Questions to ask yourself when considering documentation for HITRUST r2 validation are the following:
- Does my organization have an existing set of information security policies and procedures?
- What specific documents are needed in terms of the in-scope controls from the HITRUST framework?
- Who will author our policies and procedures and where can we obtain policy templates from?
Phase IV– Operational Remediation
Along with developing policies and procedures for HITRUST i1 and r2 validation, compliance and certification, there are also a number of operational measures that healthcare organizations will need to undertake. Examples included, but are not limited to, the following: Performing a risk assessment, undertaking annual security awareness training, testing your incident response plan, and more. NDB has years of experience helping healthcare companies put in place many of the required HITRUST measures so contact us today to learn more. Contact us today at 1-800-277-5415, ext. 705 to speak with our HITRUST experts regarding i1 and r2 validation.
Phase V – Completion of CSF and Certification Process
Earning HITRUST certification requires organizations to upload and provide comprehensive evidence to the CSF portal. This material is reviewed by an actual HITRUST assessor, then HITRUST themselves oversees the entire certification process. It’s a process that does take time, so keep this in mind.
Phase VI – Monitoring of Controls for Continued HITRUST Compliance
Becoming HITRUST compliance is a landmark achievement for many healthcare organizations – no question about it – however, such controls will need to be regularly monitored and inspected for ensuring full compliance moving forward. NDB can assist in building such a program, so contact us today to learn more about our HITRUST continuous monitoring efforts, along with other HITRUST compliance and certification services.