HITRUST Certification

Healthcare industry vendors face a myriad of federal and state regulations and proving the compliance of their implemented systems with all relevant guidelines is complicated and time consuming. Key health insurance providers such as CIGNA, Blue Cross, Blue Shield, Kaiser Permanente and others are requiring vendors to provide HITRUST Common Security Framework (CSF) certification to mitigate the insurers’ risks. This unique certification framework provides a rationalized and efficient approach to security, privacy and regulatory compliance.

Armanino employs a team of compliance experts who are certified to provide HITRUST CSF assessments on your behalf. Our approach is to optimize your control programs and gain efficiencies for our clients by coordinating HITRUST and SOC controls where possible. With one combined engagement, Armanino can address up to 470 required statements to satisfy regulators and insurers.

Armanino provides a variety of HITRUST CSF assessment types to satisfy the needs of your clients. These include:

• CSF Security Assessment
• CSF Security & Privacy Assessment
• CSF Comprehensive Security Assessment
• CSF Comprehensive Security & Privacy Assessment
• NIST Cybersecurity Assessment

We coordinate compliance with these HITRUST assessments in the following ways for our clients:

• SOC 2
• SOC 2+
• SOC 2 + HITRUST CSF Certification
• HITRUST CSF Self-Assessment
• HITRUST CSF Validated Assessment (Certification)

Reach out to Armanino’s team of certified HITRUST assessors to understand which compliance assessment and program will meet your clients’ certification requirements. We can help you sift through the contractual agreements to determine the best certification path for your company today and for the future. Once your HITRUST CSF certification is complete, Armanino will provide your organization with a press release template you can use to inform your customers and investors.