Risk Assurance & Advisory

HITRUST Certification

Founded in 2007, the HITRUST Alliance is a not-for-profit organization created to bring about programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. The HITRUST CSF was developed to address the multitude of federal and state security, privacy and regulatory challenges facing organizations through a comprehensive and flexible framework.

Our Approach

Compliance Experts Provide Assessments on Your Behalf

Healthcare industry vendors face a myriad of federal and state regulations, and proving that their implemented systems comply with all relevant guidelines is complicated and time-consuming. Key health insurance providers such as CIGNA, Blue Cross, Blue Shield, Kaiser Permanente and others are requiring vendors to provide HITRUST Common Security Framework (CSF) certification to mitigate the insurers’ risks. This unique certification framework provides a rationalized and efficient approach to security, privacy and regulatory compliance.

Armanino employs a team of compliance experts who are certified to provide HITRUST CSF assessments on your behalf. Our approach is to optimize your control programs and gain efficiencies for our clients by coordinating HITRUST and SOC controls where possible. With one combined engagement, Armanino can address up to 470 required statements to satisfy regulators and insurers.

Armanino is approved to provide services using the HITRUST CSF™, a comprehensive security framework that addresses the multitude of security, privacy and regulatory challenges organizations face in complying with healthcare (HIPAA, HITECH), third-party (PCI, COBIT), government (NIST, FTC) and other industry-specific regulations and standards.


HITRUST CSF Assessments

Armanino provides a variety of HITRUST CSF assessment types to satisfy the needs of your clients. These include:

  • CSF Security Assessment
  • CSF Security & Privacy Assessment
  • CSF Comprehensive Security Assessment
  • CSF Comprehensive Security & Privacy Assessment
  • NIST Cybersecurity Assessment

We coordinate compliance with these HITRUST assessments in the following ways for our clients:

  • SOC 2
  • SOC 2+
  • SOC 2 + HITRUST CSF Certification
  • HITRUST CSF Self-Assessment
  • HITRUST CSF Validated Assessment (Certification)

Reach out to Armanino’s team of certified HITRUST assessors to understand which compliance assessment and program will meet your clients’ certification requirements. We can help you sift through the contractual agreements to determine the best certification path for your company today and for the future. Once your HITRUST CSF certification is complete, Armanino will provide your organization with a press release template you can use to inform your customers and investors.

Patrick Hall, Partner, Audit (San Ramon, CA)
Patrick is a partner in the Risk Assurance & Advisory practice leading the firm’s SOC and HITRUST practices.

Liam Collins, Partner, Audit (San Francisco, CA)
Liam has more than 18 years of assurance and consulting experience, including 10 years with Big Four firms.