HITRUST
HITRUST CSF offers a robust, risk-based certifiable framework that enables healthcare service providers of all types, sizes, and complexities to seamlessly integrate compliance with a broad spectrum of regulations, standards, and best practices. HITRUST assessments are designed to enhance mitigation against evolving threats.
Accorian’s
HITRUST Services
Accorian’s HITRUST Services
At Accorian, we specialize in guiding healthcare organizations through the HITRUST certification process. Our services include:
Gap Analysis: We conduct a thorough review to identify current compliance gaps and provide actionable recommendations.
Framework Implementation: Our team assists in implementing the HITRUST CSF controls tailored to your organization’s specific needs.
Preparation for Certification: We help organizations prepare for the HITRUST certification process, ensuring all requirements are met for a smooth evaluation.
HITRUST CSF Validation: We perform comprehensive HITRUST CSF audits to evaluate your compliance status for certification.
Training and Awareness: We provide training programs to educate staff on HITRUST standards and best practices for data protection.
With the recent release of HITRUST’s e1 and i1 versions, organizations can enhance their defenses against evolving cyber threats while accelerating the journey to higher levels of assurance. Partner with Accorian to strengthen your compliance efforts and safeguard sensitive healthcare information effectively.

Why Should You Adopt HITRUST?
Regulatory Compliance
HITRUST harmonizes best practices from more than 50 standards, frameworks, and regulations to address all 19 domains of security and risk management of cyber threats.
Risk Management
Helps identify and mitigate potential vulnerabilities.
Streamlined Processes
Integrates multiple compliance requirements into a single framework.
Enhanced Security Posture
Strengthens overall security measures against data breaches.
Market Advantage
Achieving certification boosts your reputation and competitiveness.
Stakeholder Confidence
Meets key regulations related to ways and means of showcasing assurance to your healthcare clients.
Adaptability to Change
Regular updates keep compliance efforts relevant against emerging threats.

Adopting HITRUST protects sensitive healthcare information and positions your organization for long-term success in a complex regulatory landscape.
Types of HITRUST Assessments
HITRUST provides a comprehensive security and compliance framework that integrates and harmonizes over 50 authoritative sources, including HIPAA, NIST, ISO, GDPR, and more. The HITRUST approach allows organizations to achieve scalable and efficient assessments that align with their unique risk and regulatory requirements.
01
HITRUST e1 Assessment
The HITRUST e1 Assessment provides a streamlined, cost-effective approach to foundational cybersecurity assurance. Aligned with NIST CSF, it evaluates essential controls for low-risk organizations, vendors, and those new to HITRUST. Validated by a HITRUST Authorized External Assessor, successful organizations receive a HITRUST e1 Certification. As a stepping stone in the HITRUST framework, the e1 helps organizations strengthen security and progress toward higher-level assessments like the i1 or r2.
02
HITRUST i1 Assessment
The HITRUST i1 Assessment provides a risk-based, threat-adaptive approach to cybersecurity assurance. Designed for moderate-risk organizations and vendors, it evaluates leading security practices based on evolving threat intelligence. The i1 is always validated by a HITRUST Authorized External Assessor, ensuring consistency and credibility. Successful organizations receive a HITRUST i1 Certification (valid for one year), offering stronger assurance than the e1 and serving as a pathway to the comprehensive r2 assessment.
03
HITRUST r2 (Risk-Based) Validated Assessment
The HITRUST r2 Assessment is the gold standard for cybersecurity and compliance, offering the highest level of assurance. Tailored for high-risk organizations, it evaluates up to 2000+ controls based on multiple frameworks (NIST, ISO, HIPAA, PCI-DSS). The r2 is validated by a HITRUST Authorized External Assessor and undergoes HITRUST Quality Assurance review. Organizations achieving certification (valid for two years) demonstrate comprehensive security and compliance maturity, with an interim assessment required in year one.
Comparing HITRUST Assessments
ESSENTIALS 1-YEAR
-
An e1 is a baseline certification
-
44 fixed controls
-
Yearly certification
-
Assessment Complexity: Low
-
Small, non-complex environments
IMPLEMENTED 1-YEAR
-
An i1 is the stepping-stone certification
-
182 fixed controls
-
Annual re-certification
-
Assessment Complexity: Moderate
-
Moderate assurance needs
RISK BASED 2-YEARS
-
An r2 is a comprehensive risk-based certification
-
Up to 2,000+ (risk-based selection)
-
2 years (with interim assessment)
-
Assessment Complexity: High
-
Highly regulated industries & complex organizations
Accorian’s Proven Approach

Gap Assessment
- Define scope for HITRUST
- Use the HITRUST MyCSF tool to understand number of controls in consideration
- High level review of the HITRUST controls and identify gaps against current state
- Create a roadmap plan towards certification
Roadmap Execution
- Work with you to implement roadmap
- Assist with creating policies/procedures
- Perform required security testing
- Provide program management
Incubation
HITRUST requires organizations to demonstrate implementation of their policies and procedures for at least 90 days prior to initiating the Validated Assessment
Validated Assessment
- Accorian will give detailed instructions on how to upload the necessary evidence
- Accorian will test against control requirements, comment, and score each control
- Submit Validated r2 Assessment to HITRUST for Validation/ Certification
Maintenance
- For an e1, annual Validated Assessment
- For an i1, rapid recertification in the second year
- For an r2, an interim assessment in the second year
Start Here
Access Our All-In-One HITRUST Brochure

HITRUST Guide
Accorian Team Members Appointed to
HITRUST Authorized EA COUNCIL
Accorian Team Members Appointed to HITRUST Authorized EA COUNCIL
Our members of the HITRUST Authorized External Assessor Council represent the highest number of individuals from any company on the council. The council fosters partnerships between HITRUST and leading Assessors who contribute their extensive knowledge and experience to:
Share insights and challenges related to HITRUST services
Provide valuable input on the HITRUST CSF Assurance Program, ensuring its continued integrity, effectiveness, and efficiency
Advocate for the industry’s highest standards in information security and privacy
Our HITRUST Directors
Why Choose Accorian?
As an authorized HITRUST CSF Assessor, Accorian specializes in assisting businesses of all sizes to achieve certification. Our security team possesses extensive experience in HITRUST implementation and certification, enabling us to serve as your full-service cybersecurity partner throughout the process.
Trusted By Leading Clients



