HITRUST

Protection of patient and other sensitive healthcare information is a top priority for all healthcare organizations, which entails compliance with a growing range of regulations. Staying on top of all the relevant standards can be daunting for stakeholders across a broad array of healthcare service organizations, associates, and vendors.

HITRUST recently released the e1 and i1 versions, to enhance mitigation against evolving cyber threats and to speed up the transition to higher levels of assurance.

The Health Information Trust Alliance (HITRUST) strives to address such problems by:

Offering an integrated security strategy
Introducing a mechanism to certify compliance with HIPAA security criteria to a third-party assessor

HITRUST provides a comprehensive, risk-based certifiable framework that helps healthcare service providers of all types, sizes, and complexity integrate compliance with a wide range of regulations, standards, and best practices.

Why Choose Accorian?

We specialize in aiding organizations of various sizes in the healthcare industry
We are a full-service cybersecurity and compliance service providers
We have years of experience providing security compliance, information security implementation, and testing services.
As an authorized HITRUST CSF Assessor, our qualified security professionals can get you started with successfully scoping for your assessment and facilitating the process to reduce the cost, time, and resources.

HITRUST’s CSF

HITRUST developed and maintains the Common Security Framework (CSF), which provides a mechanism for standardizing Health Insurance Portability and Accountability(HIPAA) compliance and coordinating it with other national and international data security standards in addition to numerous state laws.

The HITRUST CSF certification allows healthcare organizations to perform a single assessment, by integrating more than 20 distinct standards and processes, to certify compliance with multiple initiatives, including a HIPAA compliance audit.

How Important Is HITRUST?

The healthcare sector generally drives and controls HITRUST enforcement, while HIPAA establishes specific consequences for data security violations.
The industry, including hospitals and payer requiring certification, has seen swift adoption of HITRUST and it is gaining ground as an expectation for service providers and vendors.

It’s not always necessary to get HITRUST certification when implementing new technology, but it provides opportunities to streamline security and compliance as part of the implementation process.

When And Why Should You Adopt HITRUST?

You can benefit from HITRUST in a multitude of ways.

Types of HITRUST Assessments

It may be a daunting task to choose the correct HITRUST assessment when you want to analyze and express assurances about the security of protected health information (PHI).

Consider assessments to guarantee that passing an audit by the Office of Civil Rights, the agency within the Department of Health and Human Services that implements the penalties related with the HIPAA Privacy and Security Rules.

The HITRUST CSF certification offers healthcare businesses a variety of examinations. Each of them serves a distinct goal and employs a different methodology. Let’s take a closer look at each one to see which one is right for your organization.

01 HITRUST e1 Assessment

The e1 version offers ‘Good hygiene’ 44 control assurance for organizations with low-level info security risk. It is ideal for small organizations or start-ups with limited resources to differentiate themselves in the marketplace. It’s a faster option to establish a benchmark security posture and identify coverage gaps.

02 HITRUST Implemented, 1-Year (i1) Validated Assessment

This one-year certification is for healthcare organizations and business partners that need moderate assurance. It focuses on a list of controls that HITRUST chooses and updates every year. These controls are tested for how well they are being used. Our assessors will look over the assessment, make sure it is correct, and send it to HITRUST for approval.

03 HITRUST Risk-Based, 2-Year (r2) Validated Assessment

HITRUST CSF assessments look at the different controls that are in scope and how mature they are in the Policy, Procedure, Implemented, Measured, and Managed categories. HITRUST certifications can be earned through validated assessments if you receive a satisfactory assessment score.

It is suggested that new clients do a self-assessment first to get a sense of where they are standing in terms of their score. Our assessors take the time to help clients understand all parts of the assessment and give helpful suggestions for improving scores in areas where they are low.

04 HITRUST Interim Assessment

As required by HITRUST, all validated assessments must be followed by an interim assessment within the first year after certification. The interim assessment checks to see if the controls still work and looks at how well any Corrective Action Plans that were made during the initial validation process are being followed.

05 Bridge Assessment

What happens when an organization that is already HITRUST CSF certified can’t finish its next HITRUST CSF Validated Assessment before its current certificate expires? In such a case, the Bridge Assessment fills the gap.

A Bridge Assessment is similar to an Interim Assessment since it only looks at a limited number of controls and gives an organization a temporary certificate that is acceptable for 90 days. This lets the organization keep working with those who requested HITRUST certification and also finish the next Validated Assessment.

Comparing HITRUST Assessments

Who should get an e1 Certification

The e1 certification can be used for reliable, efficient cybersecurity reviews of:

New business units
Recently deployed technology platforms
Prospective or newly onboarded third-party business partners such as vendors
Existing, lower-risk vendors (e.g., those who handle little to no PII)
Scope, systems, or vendors with minimum inherent risk but that are part of a system with greater aggregate risk
An organization’s practices in support of M&A transactions (buy side or sell side)
Near-term review and baseline scoring of a newly acquired organization’s initial cybersecurity maturity
And use to show justification for more favorable cyber insurance premiums

Accorian’s HITRUST Services

Our team of experts have extensive experience helping clients comply with healthcare security standards and information security. Our HITRUST assessor’s recommendations are transparent and actionable.

We know the complexity of day-to-day IT and security operations, so we’ll never deliver a standard auditor guide or playbook response. We make sure you fully understand and can execute recommendations, personalized for you. From HIPAA to HITRUST and any needs in between, we can support your organization.

GAP Assessment

Facilitated Self – Assessment

Validation/Certification

Interim Assessment

Bridge Assessment

Continuous Monitoring of Framework Compliance

Third-Party Risk Management Program

Healthcare Risk Analysis & Advisory

HITRUST GUIDE

Resources

Article

Ideal Approach to Cybersecurity’s Internal and External Staffing

Written By: By Sean Dowling, VP, Head of HITRUST and vCISO Services at Accorian || Building and maintaining a protected security team is more crucial than ever in today’s rapidly evolving threat landscape. I’ve had the honor of assisting many firms in building and enhancing their information security management programs. Through my experience, I’ve witnessed the vital role a well-rounded security team plays in an information security department, and I take this responsibility with utmost seriousness.Cybersecurity is not just a box to check off on a compliance list—it’s an integral part of protecting your organization’s assets, reputation, and future. The importance of getting the balance equitable between internal and external resources can’t be overstated. It’s about blending the deep organizational knowledge of your internal team with the specialized expertise of external partners to create a resilient, proactive security posture.The Value of Internal ExpertiseYour internal security team is the backbone of your organization’s defense. They bring with them an intimate understanding of your systems, processes, and culture. I’ve observed how internal teams, leveraging deep-rooted knowledge, are seamlessly able to conduct tailored risk assessments that are not only comprehensive but directly aligned with the organization’s specific business needs. Whether managing compliance with GDPR, HIPAA, HITRUST, or responding to incidents, the internal staff are essential for executing a security strategy that aligns with organizational needs.Internal teams are also invaluable for incident response. Under high pressure situations, they know the intricacies of the systems they’re protecting, allowing for quicker action to mitigate these threats. The importance of this familiarity during a security incident cannot be overemphasized as time is often the most critical factor in limiting damage.In addition, cybersecurity is a vast and rapidly evolving sector, and while internal teams are essential, their capacities do face constraints. This is where partnerships with external resources come into play, and in my journey, I’ve witnessed numerous organizations benefit extensively by leveraging the strengths of both parties.Leveraging External ExpertiseIn my role at Accorian, we have offered services to smaller organizations that might not need a full-time Security Operations Center (SOC), and who have benefitted immensely from our Managed Security Services (MSS). We, as providers offer continuous monitoring and response, which adds an additional layer of protection that complements the work of internal teams. Having the option to scale resources as needed allows these organizations to stay agile without overextending their budgets. We, as external partners bring with us specialized expertise that can fill gaps in areas such as penetration testing, threat intelligence, and 24/7 monitoring services that may be too costly or impractical to handle entirely in-house.However, outsourcing does come with its own set of challenges. It’s important to ensure that third-party relationships don’t introduce additional risks. My persistent recommendation has been to establish a strong vendor risk management program and define clear Service Level Agreements (SLAs) to manage expectations, ensuring that external partners are as invested in your security posture as you are.To vCISO or to not vCISOAs a Virtual Chief Information Security Officer (vCISO), I believe that engaging a vCISO will significantly benefit both small and large organizations. Adding a vCISO can be a game-changer for your information security strategy by providing the benefits of CISO-level guidance without the hefty expense of a full-time executive. Here’s how a vCISO can enhance your cybersecurity program:Cost ReductionHiring a full-time CISO can be prohibitively expensive, especially for small to mid-sized businesses. A vCISO offers a cost-effective alternative, enabling organizations to leverage experienced security leadership as needed.Scalable Staffing SolutionsA vCISO provides your organization with a scalable staffing solution, particularly useful during high-demand periods or specific security projects.Access to Expanded ExpertiseUnlike an…

Article

How Leveraging HITRUST AI RISK MANAGEMENT ASSESSMENT can benefit organizations

Written By: By Sean Dowling, VP of Compliance and Head of HITRUST at Accorian || As artificial intelligence (AI) becomes a more significant part of our daily work, it's crucial for organizations to tackle the growing risks that come with these powerful technologies. HITRUST’s AI Risk Management (AI RM) Assessment offers a comprehensive framework to manage these risks and ensure AI systems are used responsibly. Here's how you can make the most of the HITRUST AI RM Assessment to build a secure and reliable AI governance model.WHO SHOULD CONSIDER HITRUST AI RM?If your organization uses, develops, or deploys AI technologies, you should seriously consider adopting HITRUST's AI RM Assessment. Whether you're in healthcare, finance, manufacturing, or retail, AI is transforming industries. But with these benefits come new and unique risks like security vulnerabilities, ethical concerns, and regulatory compliance challenges. HITRUST’s AI RM Assessment addresses these issues head-on, helping you stay ahead in managing AI risk. It offers 51 practical controls, harmonized with leading global standards such as ISO/IEC 23894:2023 and NIST, to ensure comprehensive risk management tailored to AI systems.If you are an Existing HITRUST Client?Existing HITRUST clients should see this as a natural progression to extend their risk management into the AI space. For those already leveraging HITRUST frameworks like e1, i1, or r2, the AI RM Assessment is a valuable extension of your current risk management practices. By integrating AI-specific governance into your broader compliance strategy, you can streamline how you manage AI risks without duplicating efforts.If you are New to HITRUST?If you're new to HITRUST, the AI RM Assessment is an ideal entry point. It provides a structured, accessible framework to manage AI risks without requiring a full-scale certification. For companies just beginning to explore AI or those looking to establish robust AI governance, this assessment delivers clear guidance and practical insights into mitigating the risks associated with AI technology. For many organizations starting to use AI, this assessment is an essential first step toward establishing a strong AI governance program.WHAT DOES HITRUST AI RM OFFER BEYOND COMPLIANCE?While compliance with the 51 controls is a fundamental part of the HITRUST AI RM Assessment, the framework goes well beyond ticking boxes. It offers deep insights into how you can create robust AI governance models and ensure that AI technologies are used responsibly and ethically. Here are some of the features that AI RM has to offer.1. Comprehensive AI GovernanceThe AI RM Assessment helps you develop a robust governance framework that addresses cybersecurity and broader concerns like AI’s environmental impact, transparency, and fairness. It encourages you to consider critical issues like carbon footprints and the ability to challenge AI decisions, ensuring a holistic approach to AI risk management.2. Risk Management Beyond ComplianceThe assessment isn’t just about meeting regulatory standards; it’s about understanding where your AI deployments might introduce risk and taking proactive steps to mitigate them. HITRUST’s AI RM framework helps you navigate the complex landscape of responsible AI use, by looking at areas like transparency, contestability, and ethical considerations.3. Detailed Reporting and Visual InsightsThe AI RM Assessment generates comprehensive reports that include scorecards and visual representations of your AI risk management maturity. These reports provide detailed feedback on your AI governance performance, highlighting areas of strength and pinpointing gaps that must be addressed. With these insights, you can make informed decisions about where to focus your risk mitigation efforts.4. Bridge Gaps in AI-Specific Risk ManagementWhile HITRUST’s general frameworks (e1, i1, and r2) cover comprehensive risk management, they do not focus specifically on AI systems. The AI RM Assessment fills this gap, ensuring that your organization can address the distinct...

Article

What is HITRUST AI Risk Assessment: POV of Accorian’s VP of HITRUST

Written By: Sean Dowling || Have you ever considered what happens if your AI system makes an error or gets compromised? Especially if it’s Ai in healthcare? That’s a scary thought. That’s where the HITRUST AI RM Assessment comes in. It helps businesses identify and mitigate these risks early on, ensuring that AI solutions are both effective and secure.Let’s face it—AI is no longer just a buzzword. It’s becoming an integral part of many businesses, helping to streamline operations, improve decision-making, and enhance customer experiences. But with all these advancements come new risks, such as how we handle sensitive data, ensure AI systems are secure, and maintain ethical practices.Why Am I so stokedPersonally, this is something I’m deeply passionate about. Having been a part of the HITRUST Assessor Council along with my colleague, Stephanie Madhok, we had the privilege of directly contributing to the development of this groundbreaking AI RM Assessment. This isn’t just another framework or checklist; it’s a practical tool designed to help businesses of all sizes manage AI risk effectively, and it’s the first of its kind. That’s why we’re excited to share how the new HITRUST AI Risk Management (AI RM) Assessment can help you take control of AI governance and security within your organization.When it comes to Artificial Intelligence in healthcare (AI), the opportunities are endless, but so are the risks. As companies explore the power of AI to transform their operations, they need to be sure that they’re doing so safely and responsibly.Case Study - An Interesting StoryWe’re working with a healthcare company that is integrating AI to streamline their patient care processes. They are excited about the benefits, but also nervous about the security risks, particularly around patient data. With the HITRUST AI RM Assessment, we are now helping them build a comprehensive AI governance framework. Not only does this protect their data, but it also gives them the confidence to move forward with their AI initiatives. They will soon start reaping the rewards of AI innovation without losing sleep over security concerns.This is exactly what we do—assess risk, implement governance structures, and validate controls so you can focus on what matters: growing your business.Simplifying AI Governance in HealthcareAI governance might sound complicated, but it doesn’t have to be. The HITRUST AI RM Assessment covers 51 key control requirements, mapped to global standards like NIST and ISO/IEC. These controls help businesses create a strong governance model, ensuring AI is used responsibly and securely.At Accorian, we know this process inside and out. We take the time to understand your unique needs and tailor our approach accordingly. Think of us as your AI risk management partner—we simplify the technical stuff, so you don’t have to.Have you ever tried piecing together risk management requirements from multiple sources? It’s a headache. That’s why the HITRUST framework is so valuable. It brings everything together in one place, making it easier to manage AI risk, no matter how complex your environment may be.Building Trust Through AI ComplianceTrust is key. Whether it’s your customers, business partners, or even regulators, everyone needs to know that your AI solutions are secure. Achieving compliance through the HITRUST AI RM Assessment not only protects your business but also builds that much-needed trust.One of the best parts about the HITRUST AI RM Assessment is that it’s designed to be flexible. Whether you want to use it as a self-assessment or bring in an External Assessor like Accorian to validate your results, the framework supports both approaches. For us at Accorian, this is where our expertise shines. We help businesses benchmark their AI risk management efforts and...

Article

The Role of HITRUST CSF in Achieving Cyber Resilience

Today, healthcare organizations' essential function depends heavily on connected systems to provide essential services. However, this technological progress presents some serious threats, especially in the cyber sector. Imagine the consequences of a cyberattack compromising patient data due to malware. Hospital operations could be severely disrupted, not by a medical emergency but by a security breach.This article references HITRUST’s “TRUST REPORT: Navigating the Landscape of Trust in Information Assurance.” It talks about how the HITRUST framework allows organizations to strengthen their protection against security threats. HITRUST recognizes the necessity of being prepared in today’s digital landscape.How Does HITRUST CSF Strengthen Cyber Resilience?To fully understand this, it’s essential to grasp the concept of cyber resilience. This refers to an organization’s ability to maintain operations and minimize disruptions even during cyber-attacks. The HITRUST framework is a pivotal tool that aids organizations in achieving and demonstrating this resilience, helping provide a structured approach to planning and maintaining security for operational continuity. By adopting the HITRUST framework, organizations can effectively detect, protect against, respond to, and recover from cyber incidents.Achieving HITRUST certification signifies that an organization has met rigorous cybersecurity standards, showcasing its capacity to sustain operations despite cyber threats. This certification is a clear indicator of one of the higher levels of cybersecurity resilience.Types of HITRUST CertificationsHITRUST offers three main certifications:HITRUST e1 (Essential): This is a certification for small to medium-sized organizations that provides a foundational level of cybersecurity and data protection aligned with core standards and regulations. It contains core security practices and controls and is valid for one year.HITRUST i1 (Implementable): This certification evaluates and verifies the implementation of comprehensive cybersecurity practices and controls aligned with recognized standards and regulations. It is ideal for smaller organizations or those early in their cybersecurity journey and is valid for one year.HITRUST r2 (Risk-based): This is a comprehensive, risk-based certification for organizations requiring higher assurance and compliance with multiple regulatory frameworks. Valid for two years with an interim assessment for organizations of various sizes.These certifications cater to different levels of cybersecurity maturity and assurance needs.HITRUST Certification and ContinuityOnce certified, HITRUST certification is valid for a specified period, contingent upon the certification type and adherence to certain conditions. Specifically, the r2 certification remains valid for two years, while the i1 or e1 certifications are valid for one year. To maintain the certification, organizations must meet the following criteria:No Data Security Breaches: There must be no reported data security breaches to federal or state agencies within or impacting the assessed environment.Annual Progress on CAPs: Organizations are required to demonstrate annual progress on areas identified in the Corrective Action Plan(s) (CAPs)Consistency in Policies and Practices: There should be no significant changes in business or security policies, practices, controls, and processes that could compromise the organization’s ability to meet certification criteria.Meeting these conditions ensures the ongoing validity of the HITRUST certification and demonstrates the organization’s continued commitment to cybersecurity resilience.HITRUST CSF Responding to Security BreachesWhile no organization is entirely immune to cyber threats, HITRUST-certified entities are better prepared to manage incidents. Only 0.64% of firms with HITRUST certificates reported a security breach within their certified environment between 2022 and 2023, according to the TRUST Report (2024). This figure demonstrates how well the HITRUST framework maintains cyber resilience and constantly improves the level of cyber resilience. HITRUST mandates that they make annual progress on their CAPs.When a security breach occurs, HITRUST collaborates closely with the impacted organization to evaluate the consequences and make necessary improvements to the HITRUST framework based on insights from the event. This continuous process of development strengthens overall defenses against new cyber threats.Annual Progress on Corrective...

Article

Leveraging HITRUST MyCSF Portal

In today's dynamic cyber landscape, the HITRUST MyCSF portal empowers organizations to navigate complex information security requirements and ensure robust protection against threats. This is not just a tool but a vital resource for extensive risk management, streamlining the HITRUST assessment, and ensuring HITRUST certification compliance. It also enhances an organization’s security posture. The HITRUST MyCSF portal is designed to quickly and efficiently assimilate all stakeholders into a cohesive trust system. It enables organizations to efficiently manage their HITRUST assessments and certifications by blending efforts with assessors, service providers, relying parties, and HITRUST. This centralized approach allows for better documentation, communication, and performance improvement in information security, providing a sense of reassurance and confidence in the process. About HITRUST MyCSF Portal The portal features robust internal reporting capabilities that provide substantial benefits. Despite being underutilized, these capabilities hold immense potential. Organizations can leverage MyCSF creatively and effectively to produce executive-level reports that boost confidence, enrich data-driven decision-making, prioritize resources, and drive strategic outcomes. MyCSF offers versatile on-demand internal reporting options, enabling organizations to efficiently gather, analyze, and configure cybersecurity data from their repository. With intuitive navigation and precise filtering, teams can generate impactful heat maps, dashboards, and visual reports. These tools communicate cybersecurity status, highlight improvement opportunities, set performance benchmarks, demonstrate compliance levels, and meet essential GRC (Governance, Risk, and Compliance) needs. Features of HITRUST MyCSF Portal The portal helps organizations enhance efficiency in evaluating, managing, and reporting information risk and compliance through the following features: Support for HITRUST Certification Phases</h2 > Leverage data based on the previous results and implement them on distinct assessments to meet changing business needs Customize and Configure</h2 > Optimizes the evaluation process by setting the most appropriate control requirement statements for flexibility during r2 tests. Create and save bespoke control libraries for targeted assessments Centralize Corrective Action Plans (CAPs)</h2 > Manage all CAPs in one place, including those from non-HITRUST evaluations Assessments Tracking for CSF Reports</h2 > Simplify monitoring of HITRUST-reviewed requirement statements and respond to HITRUST assurance comments Integrate and Exchange Data via Robust API</h2 > Streamline data sharing with various systems, including GRC tools Centralize Assessments</h2 > Maintain a library of past and current assessment results with supporting documentation, including links to control requirements and maturity domains. These links are crucial, as they provide a comprehensive understanding of the assessment results and their implications. They also help locate and view uploaded evidence using an in-browser document reader Model HITRUST Assessment Results</h2 > Preview the impact of changes in scope, authoritative sources, or framework version on an assessment before integration Create Advanced Analyses and Dashboards</h2 > Generate customized reporting, charts, and dashboards based on HITRUST assessment scoring Inherit Controls</h2 > Inherit results and scores from existing assessments and other HITRUST-certified service providers, including industry-leading cloud service providers. This feature simplifies the assessment process, reduces redundancy, and ensures all relevant controls are addressed without duplicating efforts Insight Reporting</h2 > Report insights to understand the HITRUST assessment scoring Results Distribution System (RDS)</h2 > Store and efficiently distribute assessment results to stakeholders. It ensures transparency and allows organizations to confidently share their security posture with customers, partners, and regulatory bodies Benefits of MyCSF Portal Here are some benefits of utilizing the MyCSF portal for assessments and risk management Automates the assessment workflow and submission process, distributing phases between HITRUST, the assessed organization, and external HITRUST assessors Enhances the reliability and accuracy of HITRUST assessment reports with intelligent analytics Delivers profound insights into an organization’s security maturity, facilitating precise reporting and informed decision-making Facilitates the inheritance of controls from external entities, streamlining the assessment process for organizations that utilize...

Article

Accorian Joins Vanta’s Managed Service Provider Partner Program

(11/06/24, East Brunswick) Accorian, announced today that it has joined Vanta, the leading trust management platform, Managed Service Provider (MSP) Partner Program, enabling partners to grow their business and deliver more value to their clients by transforming trust into a marketable advantage. “We’re thrilled to be joining Vanta’s MSP Partner Program, and the opportunity to streamline compliance processes with Vanta’s platform offers a real advantage to customers.” – “Premal Parikh, CEO and Co-Founder, Accorian. Vanta is the leading trust management platform that helps simplify and centralize security and compliance for organizations of all sizes. Over 8,000 companies including Atlassian, Chili Piper, Flo Health and Quora rely on Vanta to build, maintain and demonstrate their trust—all in a way that's real-time and transparent. Accorian’s cybersecurity and compliance teams bring a wealth of experience to help organizations navigate through their information security and compliance journey. Whether your organization is pursuing an e1, i1, or r2 certification, our HITRUST assessor’s recommendations are transparent and actionable. “We know the complexity of day-to-day IT and security operations, so we’ll never deliver a standard auditor guide or playbook response. We make sure you fully understand and can execute recommendations, personalized for you.” “We’re thrilled to welcome Accorian to our MSP Partner Program, which offers the fastest and simplest approach to continuous security monitoring and automated compliance for managed service providers,” said Elliot Goldwater, VP of Partnerships, Vanta. “By putting Vanta’s market-leading platform as the cornerstone of their security managed service offering, Accorian can expand their clients’ security with trust management, while building their own competitive advantage.” At the foundation of the MSP Partner program is Vanta’s trust management platform that simplifies and centralizes security program management by providing full visibility into an organization’s risk. Vanta enriches those findings with contextual data, and helps organizations remediate issues and track progress as a single source of truth for their security posture. Vanta’s MSP Partner Program features a multi-tenant management console, world-class partner support and flexible billing integration — making it seamless for partners to deliver value to their clients while scaling up their business. For more information about Vanta’s MSP Partner Program, visit: https://www.vanta.com/msp Vanta’s Service Provider ecosystem strengthens customers’ security posture by partnering with the most prominent virtual Chief Information Security Officers, managed security service providers, and advisory/consulting firms. With Vanta as their foundational tool, partners are able to offer an expansive breadth and depth of security offerings, increasing overall client satisfaction. For all inquiries, please contact Brandon Carey: Brandon.Carey@accorian.com

Article

Accorian Team Members Appointed to HITRUST Authorized External Assessor Council

Accorian Team Members Appointed to HITRUST Authorized External Assessor Council We are thrilled to announce that Sean Dowling, Stephanie Madhok, and Andrea Britt are selected members of the HITRUST Authorized External Assessor Council, representing the highest number of individuals from any company on the council. The council fosters partnerships between HITRUST and leading Assessors who will contribute their extensive knowledge and experience to: Share insights and challenges related to HITRUST services Provide valuable input on the HITRUST CSF Assurance Program, ensuring its continued integrity, effectiveness, and efficiency Advocate for the industry's highest standards in information security and privacy Congratulations to the HITRUST team on this remarkable achievement. Article: https://hitrustalliance.net/councils-working-groups/

Article

We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.

“We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.” In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges, said Jeremy Huval, Chief Innovation Officer, HITRUST. This achievement places Novus in an elite group of organizations worldwide that have earned this certification. Read More

Article

KPI Ninja Earns HITRUST r2 Certification for Information Security

Congratulations to our client KPI Ninja by Health Catalyst on their HITRUST certification! The certification ensures KPI Ninja meets the key compliance requirements included across a wide rang of industry standards and frameworks, and federal and state regulations. Read More

Article

“Congratulations Inovaare Corporation on their HITRUST certification! Glad we could play a part in it.”

Inovaare Corporation, a compliance, and operations management software provider leading digital transformation within the healthcare industry, today announced its platform, data center, and offices earned Certified status for information security by HITRUST.HITRUST CSF® Certification validates Inovaare is committed to meeting key regulations and protecting sensitive information. To know More Click Here

Resources

What Our
customers are
saying about us

Read Testimonials

Security/Privacy Officer at NOVUS

Morgan Kershner

Working with Accorian to achieve our HiTrust validation has been a wonderful experience. They have knowledgeable and hardworking staff dedicated to making their customers feel at ease during the whole process. We look forward to continuing our partnership with Accorian.

President & Chief Product Officer at AGATHOS

Steven Waye

Launching a healthcare business is diffcult enough before you factor in the hours and expertise required to manage PHI in a secure and compliant manner. Finding a trusted partner to guide us through the process had been an enormous headache until we were introduced to Accorian. In addition to their technical and project management know-how as our HITRUST shepherds and assessors, they’ve been incredible partners in every sense of the word as they’ve patiently and expertly guided us through the process and remained flexible to our timelines and needs. Steven Waye, President & Chief Product Officer, Agathos

Head of Engineering at Oshi Health

Paul Degnan

We executed our annual penetration test with the help of Accorian’s team. They were great to work with and provided a clear and detailed report that helped us strengthen the security profile of our apps and brand site. Their findings were current and included extremely clear explanations of the risks and the steps needed to remediate them. I rest easier knowing we’ve closed those issues.

SSCP, Program manager, Security & Compliance CORIELL LIFE SCIENCES

Kevin Liveslsberger

I want to thank you, Premal, and the entire Accorian team for your excellent work and collaboration throughout this process. Accorian has been a full-service provider to us, and we could not have asked for a more seamless and professional approach to our business. Not only were you able to guide and facilitate our HITRUST assessment, but you have been able to provide the skills and knowledge to help us strengthen our security program. You are fully aware of the value this brings to any organization looking to grow and achieve trust. On behalf of myself and the entire Coriell team, please accept our sincerest gratitude for all the professionalism, hard work and commitment you have provided to us! Kevin Livelsberger CISSP | SSCP, Program manager, Security & Compliance, Coriell Life Sciences

Penetration Testing

Security Compliance

Security Consulting

Staffing

Resources

About Us

HITRUST

Why Choose Accorian?

HITRUST’s CSF

How Important Is HITRUST?

When And Why Should You Adopt HITRUST?

Types of HITRUST Assessments

01

HITRUST e1 Assessment

02

HITRUST Implemented, 1-Year (i1) Validated Assessment

03

HITRUST Risk-Based, 2-Year (r2) Validated Assessment

04

HITRUST Interim Assessment

05

Bridge Assessment

Comparing HITRUST Assessments

Who should get an e1 Certification

Accorian’s HITRUST Services

GAP Assessment

Facilitated Self – Assessment

Validation/Certification

Interim Assessment

Bridge Assessment

Continuous Monitoring of Framework Compliance

Third-Party Risk Management Program

Healthcare Risk Analysis & Advisory

HITRUST GUIDE

Resources

Article

Ideal Approach to Cybersecurity’s Internal and External Staffing

Article

How Leveraging HITRUST AI RISK MANAGEMENT ASSESSMENT can benefit organizations

Article

What is HITRUST AI Risk Assessment: POV of Accorian’s VP of HITRUST

Article

The Role of HITRUST CSF in Achieving Cyber Resilience

Article

Leveraging HITRUST MyCSF Portal

Article

Accorian Joins Vanta’s Managed Service Provider Partner Program

Article

Accorian Team Members Appointed to HITRUST Authorized External Assessor Council

Article

We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.

Article

KPI Ninja Earns HITRUST r2 Certification for Information Security

Article

“Congratulations Inovaare Corporation on their HITRUST certification! Glad we could play a part in it.”

Resources

What Our customers are saying about us

Security/Privacy Officer at NOVUS

Morgan Kershner

Working with Accorian to achieve our HiTrust validation has been a wonderful experience. They have knowledgeable and hardworking staff dedicated to making their customers feel at ease during the whole process. We look forward to continuing our partnership with Accorian.

President & Chief Product Officer at AGATHOS

Steven Waye

Head of Engineering at Oshi Health

Paul Degnan

SSCP, Program manager, Security & Compliance CORIELL LIFE SCIENCES

Kevin Liveslsberger

Team Certifications

Ready To Start?

Security Compliance & Assessment Services

CONSULTING & ASSESSMENT SERVICES

Contact Info

Contact With Us

Office Address

Accorian Head Office

Accorian Canada

Accorian India

Ready to Start?​

Wordpress Developer (3-5 Years)

Senior Manager - Penetration Testing (5-7 years)

Senior Manager - Compliance (5-7 Years)

What Our
customers are
saying about us

Ready to Start?