HT CSF SERVICE

Complimentary HITRUST Executive Brief: Getting Started!
Fast-paced facts about HITRUST processes & timelines (29 min.)

Private HITRUST 1-Day CSF Strategy Workshop.
Ideal for CIO, CTO, ISO/CISO, Compliance, Legal, and IT Leadership

Complimentary seat(s) in an industry-leading program
Certified HIPAA Professional (CHP)
Certified Security Compliance Specialist™ (CSCS™)
Certified Cyber Security Architect℠ (CCSA℠)

Knowledge transfer throughout the HITRUST engagement

Easy and immediate access to the ecfirst Chief Executive to address any requirements

Unconditional guarantee of your complete satisfaction!

Path to HITRUST CSF Certification

HITRUST

Thank you again for the presentation by Pabrai at the HITRUST 2019 Global Conference in Texas. My opinion was that Pabrai delivered the best presentation of the conference. Very professional, thoughtfully constructed, and presented with passion.
Neal Francom | Compliance and Audit
OODA Health

Private (1-day) on-site
HITRUST Strategy Workshop

HITRUST

What is HITRUST CSF?

The HITRUST CSF is a flexible security framework that effectively and consistently simplifies the main processes of the compliance cycle—scoping, information collection, evaluation, reporting—while offering demonstrable efficiency and cost-containment.

HITRUST certification offers assurance to organizations and their partners and clients of the thoroughness, accuracy, consistency, and repeatability of their risk and compliance assessment activities. Only pre-qualified, HITRUST-certified professional service firms are authorized to assist in HITRUST validation and certification. Initially developed for use in the healthcare industry, the HITRUST CSF is now industry-agnostic and open for any organization to seek certification.

I attended Pabrai’s HITRUST (Kaizen) at the HITRUST 2019 Global Conference. I thought it was the best session of the show. I appreciated the approach and content.
Todd Heinz | Enterprise Security Risk Management Practice
Heartland Business Systems

  • A common, standardized methodology to measure risk and compliance
  • Designed for any type or size of organization
  • Utilizes a risk-based approach to selecting the controls for assessment
  • Facilitates a simplified compliance assessment and reporting process by allowing for a customised assessment scope based on applicable federal, state, and global industry requirements

What is MyCSF?

The MyCSF tool, available through HITRUST, makes it easier and more cost-effective for an organization to manage its information risk and comply with international, federal and state regulations regarding privacy and security. This tool provides organizations of all sizes with a secure, web-based solultion for performing risk assessments, corrective action plan management, and benchmarking.

What is My CSF

HITRUST Self-Assessment

The HITRUST Self-Assessment process enables an organization to establish a baseline of the current state of their policies, processes and controls – all of which are formally documented. ecfirst can assist your organization every step of the way as you go through this process and address HITRUST requirements. The Self-Assessment provides the foundation to identify key enhancements required to improve the organization’s security and overall compliance profile.

The CSF Framework

  • A comprehensive, flexible, and efficient approach to regulatory compliance and risk management
  • Consolidates international, federal, and state regulations into one overarching security framework
  • Provides structure, clarity and consistency, and reduces compliance burden
  • Currently on Version 9.2, the framework is organized into 14 Control Categories, 45 Control Objectives, and 149 Control Specifications

HITRUST Validation & Certification

A validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. HITRUST utilizes the CSF Assurance methodology and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification is indicated as CSF Certified on the validated report.
ecfirst is well-poised to support your efforts throughout the entire assessment process.

HITRUST Executive Brief | Complimentary

Learn about the HITRUST CSF from the compliance and cybersecurity experts at ecfirst. Schedule a complimentary Executive Brief (webinar) to walkthrough key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and the certification process. Knowledge transfer is at the core of all ecfirst client engagements. The journey to address the comprehensive HITRUST requirements can be challenging. We look forward to establishing ecfirst as your trusted partner within your enterprise.

HITRUST CSF Process Flow

HITRUST CSF Controls

Training & Certification

NIST
  • Step through all major sections of HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
CSCS
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
CCSA
  • Examine and build practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirements. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand HITRUST CSF v9 framework & significant changes of CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk thru about added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of 9 Steps Assessment

To attend the above webinars, please contact Kris.Laidley@ecfirst.com

HITRUST CSF 2018 News

This free webinar will outline for you:
  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.
For more details, please contact Kris.Laidley@ecfirst.com


“ecfirst is a great partner for P3 Health Partners as we work towards HITRUST certification. We started with an extremely tight time frame which required all involved to be focused and dedicated to our objective. ecfirst has been a dedicated partner and provided whatever resources were needed for us to accomplish our goals. Every person from ecfirst has been professional and knowledgeable. They have continuously gone up and beyond expectations and truly been a partner that cares about their clients. I look forward to our continued partnership because I know they have our best interest in mind.”
Devery Goodey, Vice President of Information Systems
P3 Health Partners



“I just wanted to take a moment and say thank you. Thank you and the excellent team at ecfirst for hard work, late hours, and diligence during the first round of our HITRUST certification, and now working on our annual risk management and HIPAA compliance assessment.”

“We at BRG are always looking to improve and enhance our compliance and cybersecurity posture. This is an area of executive and strategic priority for our organization to secure confidential client information. From HIPAA compliance, cybersecurity pen tests, to the HITRUST certification engagement, we have found ecfirst to be an exceptional partner that labored incredibly hard for us, with us. The ecfirst insight and diligence to ensuring HITRUST certification mandates are met led to us completing our engagement on budget and time. We look forward to deeper collaboration with ecfirst in the cybersecurity space in the future. I know you are personally committed and engaged to ensure BRG success with each engagement. I continue to recommend ecfirst highly and often!”
Chip Goodman, Vice President of Information Technology
Berkeley Research Group, LLC



“BrightOutcome is focused in improving patient health outcomes across the continuum of care. BrightOutcome is deeply committed to securing patient information across our systems and Web-based applications. We have been working with Ali Pabrai and his wonderful team at ecfirst since 2012.”

“The ecfirst team literally helped us build our HIPAA practices from ground up, allowing us to offer secure HIPAA-compliant eHealth and health IT solutions to our customers across the U.S. We are actively taking the logical next step in working with ecfirst to pursue the HITRUST certification in order to further expand our market. We see the partnership with ecfirst as an integral part of our business strategy and have been extremely satisfied with the quality and value of the services that ecfirst has rendered.”
DerShung Yang, PhD, Founder & President
BrightOutcome


“I have 20+ years of experience in the Healthcare IT industry in a variety of roles including Cybersecurity software and services. During this time, I have seen numerous speakers on the topic of Cybersecurity and Ali Pabrai is among the best.”

“He covers the state of the industry, healthcare-specific regulations, process, product, best practices and call- to-action takeaways in a manner that can be understood at multiple levels including technical, clinical, supply chain, and executive.”

“Ali also weaves in stories and humor to keep the audience engaged on what can be a dry yet frightening topic. I highly recommend Ali Pabrai as a speaker, trainer and consultant in this area.”
Chris Liburdi, Director – Business Development
Srcg Ops – Business Technology


“Provant Health partnered with ecfirst to build a plan and assist in executing it with the goal of achieving HITRUST certification.”

“Ali Pabrai and his team were flexible, collaborative, and most importantly patient as we worked to educate our management team and key employees on the meaning and value of HITRUST. Due to many internal corporate changes, the first phase of the project took much longer than planned but ecfirst stayed with us the whole way. They pushed our team when needed but also stepped back and gave us room at times.”

“I’d recommend ecfirst to any company who wants to understand HITRUST or work on assessing and remediating their processes and systems in preparation for certification.”
Tom Basiliere, Chief Information Officer
Provant Health


HITRUST Cybersecurity Strategy Workshop

“Great awareness. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Cynthia Hennig
Certino LLC

“It was great that the HITRUST Team was also there to answer questions. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Keith M Rowlings
Vanderbilt University Medical Centre

“Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Dante Ranada
AccentCare

“Level of HITRUST experts in the Workshop on the subject was a strength of the program. Overall Rating of the Instructor: 10.”
Kyle Patranella
US Health

“MYCSF demo was very beneficial to see what a practical implementation looks like.”
Nathan Staub
US Health

“Good introduction at the beginning. The MYCSF demo was very helpful. Overall Rating of the Instructor: 10.”
Chris Robison
US Health

“Absolutely excited about the HITRUST Framework. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
James Estrada
Retired CISO

“Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Eric Izuora
Parkland Hospital

“Great Information. Good job. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Michael R. Smith
Parkland Hospital

“Strong introduction into the use of HITRUST. Overall Rating of the Course: 9. Overall Rating of the Instructor: 9.”
Michael Tharp
Atos

“Well prepared. Informative on how HITRUST can help the organisation and how ecfirst can deliver the assessment. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Eric Woolridge
DHC Central

“Approach and HITRUST coverage was the greatest strength. Overall Rating of the Course: 10. Overall Rating of the Instructor: 10.”
Raj Sundar
ABC

“Great course. Overall Rating of the Course: 9. Overall Rating of the Instructor: 9.”
Victor Adeyeri
Agapevision Tech

“Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Bhavesh Merai
Walgreens

“Very informative. Provided me great direction on what to do to move organization towards HITRUST Certification. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Tom Streeter
Healthcare Information Management

“Very good overview of HITRUST requirements. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Jeff Beall
Amita Health

“Well prepared. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Rob Royse
St. Louis County BPM

“Very informative. Information was detailed, and session very informative. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Oai Huynh
Revenuewell Systems LLC

“Very informative. Picked up new information even after being very familiar with the process workflow having gone through it. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Bryan Villanueva
TriOnfo

“Great overview of HITRUST, assessment process and certification process. Ali is an engaging speaker who can make the topic of cybersecurity interesting. This workshop gives a really well-structured high-level overview of HITRUST. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Suresh Krishnan
Mazik Global

“Great presentation with energetic and passionate delivery. Allowed great questions from the audience. Awesome to have matter of fact answers. I hope to learn more about HITRUST and its capabilities in the future, so, I can continue to support my team and manager. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Blandi Lister
Telligen

“The strength of the HITRUST Workshop is pulling the diverse group together and providing excellent training materials. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Villay Himis
Amita Health

“Practical approach to HITRUST journey. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
D.S. Suresh Kumar
Wishbone Club

“Really informative. Instructors were very knowledgeable; Michael from HITRUST was a great resource to have in the workshop. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Juan Busanest
U.S. Army/Brooke Army N.C.

“In-depth industry knowledge. The workshop provided more insight and information to streamline HITRUST certification. In other-words, the workshop demystified HITRUST. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Vanessa Jacobs
Integration Link LLC

“Flowed well. Discussed current changes to CSF and what is coming on the next 12 months. Ali Pabrai and his Team are very engaging and are really knowledgeable in all steps throughout the HITRUST certification process. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Scott Moherek
BRG

“Depth of knowledge and HITRUST executive onsite were the greatest strength of the program. Valuable to see this available to all ecfirst clients and potential clients. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Chip Goodman
BRG

“The course is very informative. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Amanda Geers
Hoag Hospital

“Better understanding of HITRUST connection between Policies, Procedures and Evidence. Overall rating of the Course: 9. Overall rating of the Instructor: 9.”
Ronnie Beekee
Hoag Hospital

“Good Information. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
James Ablan Go
Hoag Hospital

“Good overview of security to achieve HITRUST maturity. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Waleed Bassyoni
Hoag Hospital

“Very well-structed and helped me to understand easily. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dara Huston
DMN Tech

“Broad real-world experience, not just technical overlay. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Christina Whitlock
H3 Strategies

“Clearly outlined the HITRUST compliance program, and the importance of scoping. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dhara Shah
Student

“The workshop helped me to understand technical aspects clearly. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Shahram Ghobadi

“The workshop explained me the value of HITRUST. The course solidified my desire to obtain this certification. Overall rating of the Course: 9. Overall rating of the Instructor: 10.”
Ken Mickelson
Printer Logic

“The topics helps us to become HITRUST professional. I have gone through the CHP and CSCSTM. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Chris Bosque
Printer Logic

“Before coming to the course, I knew little. But at the end of the course, I just nailed it than I thought. Showed the process and what to expect with HITRUST. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Soh Beela
Printer Logic

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”

--------------------------------------------------

ecfirst

In the News

ecfirst Client, Beacon Health Achieves HITRUST & NIST Certification!

Events

Cybersecurity Certification Program Confirmed for Delivery in Des Moines, Nov 6, 2019.

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), CCSFP (HITRUST) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.