Health Information Trust Alliance Common Security Framework

The HITRUST Alliance, Inc. established the HITRUST CSF with the mindset of “One Framework, One Assessment, Globally,” and it’s one of the most resource-intensive certifications to achieve. Its framework is based on ISO/IEC 27001 and 27002 and incorporates over 40 other security and privacy-related regulations and standards to provide holistic coverage of multiple certifications. The HITRUST CSF is the most widely adopted security framework in the healthcare industry: 83% of hospitals and 82% of health plans use it.


Auditor required to apply?
Yes. By external assessors approved

Federal, state, or industry requirement?

Why Seek CMMC?

  • It’s required to work for the DOD.
  • Limit your competition for DOD contracts.
  • Get more contracts and higher-quality ones.
  • Be one of the first companies to claim CMMC.

A Typical HITRUST Engagement

HITRUST certification lasts 1 year. An interim review extends it another year.

Timeline: 4-7 months based on the accreditor’s schedule.

  • Day 0: Project initiation and kickoff
  • Day 1: Begin creating policies and procedures
  • Day 30: Supply 25% of policies and procedures
  • Day 45: Conduct risk assessment
  • Day 60: Conduct risk assessment
  • Day 75: Conduct incident response exercise
  • Day 90: Supply 75% of policies and procedures
  • Day 120: Supply 100% of policies and procedures; start onsite audit support
  • Day 150: Complete audit support
  • Day 180: Receive HITRUST certification

Let’s get you on the right track.

Fill out the form to talk to a Neutral Partners expert about HITRUST, and we’ll be in touch as soon as possible.
