Quick Links



HITRUST Certification Services

Our Approach

Healthcare industry vendors face a myriad of federal and state regulations and proving the compliance of their implemented systems with all relevant guidelines is complicated and time consuming.  Key health insurance providers such as CIGNA, Blue Cross, Blue Shield, Kaiser Permanente and others are requiring vendors to provide HITRUST Common Security Framework (CSF) certification to mitigate the insurers’ risks.  This unique certification framework provides a rationalized and efficient approach to security, privacy and regulatory compliance.

Armanino employs a team of compliance experts who are certified to provide HITRUST CSF assessments on your behalf. Our approach is to optimize your control programs and gain efficiencies for our clients by coordinating HITRUST and SOC controls where possible.  With one combined engagement, Armanino can address up to 470 required statements to satisfy regulators and insurers.

What is HITRUST?

Founded in 2007, the HITRUST Alliance is a not-for-profit organization created to bring about programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.  The HITRUST CSF was developed to address the multitude of federal and state security, privacy and regulatory challenges facing organizations through a comprehensive and flexible framework.


Armanino provides a variety of HITRUST CSF assessment types to satisfy the needs of your clients. These include:

  • CSF Security Assessment
  • CSF Security & Privacy Assessment
  • CSF Comprehensive Security Assessment
  • CSF Comprehensive Security & Privacy Assessment
  • NIST Cybersecurity Assessment

We coordinate compliance with these HITRUST assessments in the following ways for our clients:

  • SOC 2
  • SOC 2+
  • SOC 2 + HITRUST CSF Certification
  • HITRUST CSF Self-Assessment
  • HITRUST CSF Validated Assessment (Certification)

Reach out to Armanino’s team of certified HITRUST assessors to understand which compliance assessment and program will meet your clients’ certification requirements. We can help you sift through the contractual agreements to determine the best certification path for your company today and for the future. Once your HITRUST CSF certification is complete, Armanino will provide your organization with a press release template you can use to inform your customers and investors.

Frequently Asked Questions

Visit https://hitrustalliance.net/frequently-asked/ to learn more about the value of HITRUST certification.



HITRUST Certification for SOC AuditHITRUST CSF™ Assessor by HITRUST™


Armanino is approved to provide services using the HITRUST CSF™, a comprehensive security framework that addresses the multitude of security, privacy and regulatory challenges facing organizations to comply with healthcare (HIPAA, HITECH), third-party (PCI, COBIT) government (NIST, FTC) and other industry specific regulations and standards.