Complimentary HITRUST Executive Brief: Getting Started!
Fast-paced facts about HITRUST processes & timelines (29 min.)

Private HITRUST 1-Day CSF Strategy Workshop.
Ideal for CIO, CTO, ISO/CISO, Compliance, Legal, and IT Leadership

Complimentary seat(s) in an industry-leading program
Certified HIPAA Professional (CHP)
Certified Security Compliance Specialist™ (CSCS™)
Certified Cyber Security Architect℠ (CCSA℠)

Knowledge transfer throughout the HITRUST engagement

Easy and immediate access to the ecfirst Chief Executive to address any requirements

Unconditional guarantee of your complete satisfaction!

Path to HITRUST CSF Certification


Thank you again for the presentation by Pabrai at the HITRUST 2019 Global Conference in Texas. My opinion was that Pabrai delivered the best presentation of the conference. Very professional, thoughtfully constructed, and presented with passion.
Neal Francom | Compliance and Audit
OODA Health

Private (1-day) on-site
HITRUST Strategy Workshop



The HITRUST CSF is a flexible security framework that effectively and consistently simplifies the main processes of the compliance cycle—scoping, information collection, evaluation, reporting—while offering demonstrable efficiency and cost-containment.

HITRUST certification offers assurance to organizations and their partners and clients of the thoroughness, accuracy, consistency, and repeatability of their risk and compliance assessment activities. Only pre-qualified, HITRUST-certified professional service firms are authorized to assist in HITRUST validation and certification. Initially developed for use in the healthcare industry, the HITRUST CSF is now industry-agnostic and open for any organization to seek certification.

I attended Pabrai’s HITRUST (Kaizen) at the HITRUST 2019 Global Conference. I thought it was the best session of the show. I appreciated the approach and content.
Todd Heinz | Enterprise Security Risk Management Practice
Heartland Business Systems

  • A common, standardized methodology to measure risk and compliance
  • Designed for any type or size of organization
  • Utilizes a risk-based approach to selecting the controls for assessment
  • Facilitates a simplified compliance assessment and reporting process by allowing for a customised assessment scope based on applicable federal, state, and global industry requirements

What is MyCSF?

The MyCSF tool, available through HITRUST, makes it easier and more cost-effective for an organization to manage its information risk and comply with international, federal and state regulations regarding privacy and security. This tool provides organizations of all sizes with a secure, web-based solution for performing risk assessments, corrective action plan management, and benchmarking.


HITRUST Self-Assessment

The HITRUST Self-Assessment process enables an organization to establish a baseline of the current state of their policies, processes and controls – all of which are formally documented. ecfirst can assist your organization every step of the way as you go through this process and address HITRUST requirements. The Self-Assessment provides the foundation to identify key enhancements required to improve the organization’s security and overall compliance profile.

The CSF Framework

  • A comprehensive, flexible, and efficient approach to regulatory compliance and risk management
  • Consolidates international, federal, and state regulations into one overarching security framework
  • Provides structure, clarity and consistency, and reduces compliance burden
  • Currently on Version 9.2, the framework is organized into 14 Control Categories, 45 Control Objectives, and 149 Control Specifications

HITRUST Validation & Certification

A validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. HITRUST utilizes the CSF Assurance methodology and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification are indicated as CSF Certified on the validated report.
ecfirst is well-poised to support your efforts throughout the entire assessment process.

HITRUST Executive Brief | Complimentary

Learn about the HITRUST CSF from the compliance and cybersecurity experts at ecfirst. Schedule a complimentary Executive Brief (webinar) to walk through key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and the certification process. Knowledge transfer is at the core of all ecfirst client engagements. The journey to address the comprehensive HITRUST requirements can be challenging. We look forward to establishing ecfirst as your trusted partner within your enterprise.

HITRUST CSF Process Flow


Training & Certification

  • Step through all major sections of the HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
  • Examine and build a practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirement. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides a web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand the HITRUST CSF v9 framework & significant changes to CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk through the added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of the 9-Step Assessment

To attend the above webinars, please contact


This free webinar will outline for you:
  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.
For more details, please contact

“ecfirst is a great partner for P3 Health Partners as we work towards HITRUST certification. We started with an extremely tight time frame which required all involved to be focused and dedicated to our objective. ecfirst has been a dedicated partner and provided whatever resources were needed for us to accomplish our goals. Every person from ecfirst has been professional and knowledgeable. They have continuously gone up and beyond expectations and truly been a partner that cares about their clients. I look forward to our continued partnership because I know they have our best interest in mind.”
Devery Goodey, Vice President of Information Systems
P3 Health Partners

“I just wanted to take a moment and say thank you. Thank you and the excellent team at ecfirst for hard work, late hours, and diligence during the first round of our HITRUST certification, and now working on our annual risk management and HIPAA compliance assessment.”

“We at BRG are always looking to improve and enhance our compliance and cybersecurity posture. This is an area of executive and strategic priority for our organization to secure confidential client information. From HIPAA compliance, cybersecurity pen tests, to the HITRUST certification engagement, we have found ecfirst to be an exceptional partner that labored incredibly hard for us, with us. The ecfirst insight and diligence to ensuring HITRUST certification mandates are met led to us completing our engagement on budget and time. We look forward to deeper collaboration with ecfirst in the cybersecurity space in the future. I know you are personally committed and engaged to ensure BRG success with each engagement. I continue to recommend ecfirst highly and often!”
Chip Goodman, Vice President of Information Technology
Berkeley Research Group, LLC

“BrightOutcome is focused on improving patient health outcomes across the continuum of care. BrightOutcome is deeply committed to securing patient information across our systems and Web-based applications. We have been working with Ali Pabrai and his wonderful team at ecfirst since 2012.”

“The ecfirst team literally helped us build our HIPAA practices from ground up, allowing us to offer secure HIPAA-compliant eHealth and health IT solutions to our customers across the U.S. We are actively taking the logical next step in working with ecfirst to pursue the HITRUST certification in order to further expand our market. We see the partnership with ecfirst as an integral part of our business strategy and have been extremely satisfied with the quality and value of the services that ecfirst has rendered.”
DerShung Yang, PhD, Founder & President

“I have 20+ years of experience in the Healthcare IT industry in a variety of roles including Cybersecurity software and services. During this time, I have seen numerous speakers on the topic of Cybersecurity and Ali Pabrai is among the best.”

“He covers the state of the industry, healthcare-specific regulations, process, product, best practices and call-to-action takeaways in a manner that can be understood at multiple levels including technical, clinical, supply chain, and executive.”

“Ali also weaves in stories and humor to keep the audience engaged on what can be a dry yet frightening topic. I highly recommend Ali Pabrai as a speaker, trainer and consultant in this area.”
Chris Liburdi, Director – Business Development
Srcg Ops – Business Technology

“Provant Health partnered with ecfirst to build a plan and assist in executing it with the goal of achieving HITRUST certification.”

“Ali Pabrai and his team were flexible, collaborative, and most importantly patient as we worked to educate our management team and key employees on the meaning and value of HITRUST. Due to many internal corporate changes, the first phase of the project took much longer than planned but ecfirst stayed with us the whole way. They pushed our team when needed but also stepped back and gave us room at times.”

“I’d recommend ecfirst to any company who wants to understand HITRUST or work on assessing and remediating their processes and systems in preparation for certification.”
Tom Basiliere, Chief Information Officer
Provant Health

HITRUST Cybersecurity Strategy Workshop

“The course is very informative. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Amanda Geers
Hoag Hospital

“Better understanding of HITRUST connection between Policies, Procedures and Evidence. Overall rating of the Course: 9. Overall rating of the Instructor: 9.”
Ronnie Beekee
Hoag Hospital

“Good Information. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
James Ablan Go
Hoag Hospital

“Good overview of security to achieve HITRUST maturity. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Waleed Bassyoni
Hoag Hospital

“Very well-structured and helped me to understand easily. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dara Huston
DMN Tech

“Broad real-world experience, not just technical overlay. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Christina Whitlock
H3 Strategies

“Clearly outlined the HITRUST compliance program, and the importance of scoping. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dhara Shah

“The workshop helped me to understand technical aspects clearly. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Shahram Ghobadi

“The workshop explained the value of HITRUST to me. The course solidified my desire to obtain this certification. Overall rating of the Course: 9. Overall rating of the Instructor: 10.”
Ken Mickelson
Printer Logic

“The topics help us to become HITRUST professionals. I have gone through the CHP and CSCS™. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Chris Bosque
Printer Logic

“Before coming to the course, I knew little. But at the end of the course, I just nailed it than I thought. Showed the process and what to expect with HITRUST. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Soh Beela
Printer Logic

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

“I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”



In the News

Medical IoT Cybersecurity Solution: ecfirst Partners with Culinda!


The Art of Active Cyber Defense, Featured Presentation by Ali Pabrai at Africa ISACA’s CACS Conference | Aug 19, 2019.

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), CCSFP (HITRUST) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.