HITRUST Common Security Framework (CSF) is an industry standard for healthcare organizations to protect PHI and comply with HIPAA Privacy and Security Rules. ecfirst is a HITRUST authorized CSF Assessor and helps you through the journey of certification, including Self-Assessment, Validation, & Certification.

ISO 27001 Services – To guide your enterprise through the ISO 27001 certification process, we provide planning, assessment, preparation and execution of the certification process.


PCI-QSA – To ensure that you remain Payment Card Industry Data Security Standard (PCI DSS) compliant, we assist with assessment, review, remediation and training.


The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

The HITRUST self-assessment process enables your organization to establish a baseline of the current state of your policies, processes and controls – all of which are formally documented. We at ecfirst can assist your organization to go through this process and address HITRUST requirements for self-assessment. The self-assessment provides the foundation to identify key enhancements required to be initiated to improve the organization’s security and compliance profile.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification are indicated as CSF Certified on the certification report.

Learn about the HITRUST CSF from the team of compliance and cyber security experts at ecfirst. Schedule a complimentary executive brief (webinar) to walk through key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and finally walk through the certification process. Knowledge transfer is at the core of all ecfirst client engagements. The journey of addressing HITRUST requirements may be challenging, and the requirements are comprehensive. We look forward to establishing ecfirst as your trusted partner within your enterprise.


This free webinar will:
  • Outline the fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Help you determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.
For more details, please contact John.Schelewitz@ecfirst.com

HITRUST Cybersecurity Strategy Workshop

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

“I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor's knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”

Private, Onsite Workshop at a large Health System, June 2017



Trusted by the industry with proven methodology and results



In the News

Pabrai Congratulated as Top Speaker in 2017, ISACA Asia Pacific Conference, Dubai, UAE


CCSA℠ Program Confirmed at The HIPAA Summit, Washington, DC, March 27, 2018

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), CCSFP (HITRUST) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.