HITRUST Common Security Framework (CSF) is an industry standard for healthcare organizations to protect PHI and comply with HIPAA Privacy and Security Rules. ecfirst is a HITRUST authorized CSF Assessor and helps you through the journey of certification, including Self-Assessment, Validation, & Certification.

Hitrust

The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost- containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

The HITRUST self-assessment process enables your organization to establish a baseline of the current state of your policies, processes and controls – all of which are formally documented. We at ecfirst can assist your organization to go through this process and address HITRUST requirements for self-assessment. The self-assessment provides the foundation to identify key enhancements required to be initiated to improve the organization’s security and compliance profile.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification is indicated as CSF Certified on the certification report.

Learn about the HITRUST CSF from the Team of Compliance and Cyber Security experts at ecfirst. Schedule a complimentary executive brief (Webinar) to walk thru key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and finally walk-thru the certification process. Knowledge transfer is at the core for all ecfirst client engagements. The journey of addressing HITRUST requirements may be challenging, and the requirements are comprehensive. We look forward to establishing ecfirst as your trusted partner within your enterprise.

HITRUST CSF Workshop

1-Day Cyber Security & Compliance Brief

Click Here to Read More

Roadmap to HITRUST Certification

A must attend, complimentary, 29-minute Webinar.

Fast-paced, Fact-based, Immediate applicability!

You will learn:

  • What does HITRUST Certification mean?
  • Is my organization positioned for HITRUST Certification?
  • What is the benefit of being HITRUST Certified?
  • How do I get started? What are key steps?

So, whether strategizing first steps or refocusing your direction - this Webinar will put you on the right path!

Konica Minolta: Compliance and Cybersecurity Strategy... Investigating HITRUST

A must attend, complimentary, 29-minute Webinar.

Fast-paced, Fact-based, Immediate applicability!

You will learn:

  • Understand key GDPR requirements and how HITRUST certification address GDPR mandates.
  • Examine HIPAA compliance with HITRUST certification.
  • Step through the application of HITRUST to achieve NIST CsF certification.

So, whether strategizing first steps or refocusing your direction - this Webinar will put you on the right path!


Delivered by global cybersecurity and compliance expert, ecfirst Chief Executive Ali Pabrai (FBI InfraGard member). A highly sought after information security and regulatory compliance expert. Ali has successfully delivered solutions on compliance and information security to organizations worldwide.



HITRUST Certification: Addressing HIPAA, NIST CsF & GDPR

A must attend, complimentary, 29-minute Webinar.

Fast-paced, Fact-based, Immediate applicability!

You will learn:

  • Understand key GDPR requirements and how HITRUST certification address GDPR mandates.
  • Examine HIPAA compliance with HITRUST certification.
  • Step through the application of HITRUST to achieve NIST CsF certification.

Delivered by global cybersecurity and compliance expert, ecfirst Chief Executive Ali Pabrai (FBI InfraGard member). A highly sought after information security and regulatory compliance expert. Ali has successfully delivered solutions on compliance and information security to organizations worldwide.



Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirements. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand HITRUST CSF v9 framework & significant changes of CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk thru about added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of 9 Steps Assessment

To attend the above webinars, please contact John.Schelewitz@ecfirst.com

HITRUST CSF 2018 News

This free webinar will outline for you:
  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.
For more details, please contact John.Schelewitz@ecfirst.com

HITRUST Cybersecurity Strategy Workshop

“Strength of the course is HITRUST methodology, explaining controls and scope. Overall Rating of Course: 9. Overall Rating of Instructor: 8.”
Alan Carrillo
P3 Health Partners

“Course detailed, session interactive and instructor knowledgeable are the strengths of the course. Overall Rating of Course: 9. Overall Rating of Instructor: 10.”
Kristie Harris
P3 Health Partners

“Nice overview of HITRUST benefits and process. Comprehensive overview without being overwhelming. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Sarah Bussmann
P3 Health Partners

“Understand the importance and necessity of HITRUST for our company. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Marci Milstead
P3 Health Partners

“Very well done. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Emily Coriale
P3 Health Partners

“Interactive. Overall rating of course: 9. Overall Rating of Instructor: 9.”
Ambika Kanta
P3 Health Partners

“Example and thorough explanations are the strength of the course. Thanks for taking the time to the training and answering all of our questions. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Elvis Kocillari
P3 Health Partners

“Good overview. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Todd Lefkowitz
P3HP

“Very informative. Overall Rating of Course: 8. Overall Rating of Instructor: 8.”
“Deb was great, answered all of our questions. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Jake Schaeffer
P3HP

“Gained knowledge about the requirement of CSF. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Srisha Kurakula
Beacon Health Options

“It was very informative to learn about HITRUST. Look forward to working together. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Pradeepa Gangadharan
Beacon Health Options

“Informative, good high level overview for users who are not very familiar with HITRUST.”
Erin Holmes
Beacon Health Options

“Very good and informative. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Ramachadran Chatradi
Beacon Health Options

“Better Understanding of HITRUST. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Fabian Velasquez
Beacon Health Options

“Detailed program with examples. Well prepared instructor and session that covered all user needs. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Amit Bansal
Beacon Health Options

“Well prepared. Easy to understand workflow. Good Course. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Curt Bennett
Beacon Health Options

“Comprehensive and broken down into logical, smaller segments. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Ramin Modiramani
Beacon Health Options

“The subject matter was very detailed and informative. Presenter was very knowledgeable on the subject and materials. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Kenneth Darling
Beacon Health Options

“Comprehensive, good visuals. Personable and well-prepared presenters who reviewed complex content in a very understandable manner. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
John Fox
Beacon Health Options

“Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Brenda Ruelas
Amita Health

“Clear instructor and content are the strength of the course. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Nidhi Luthra
Amita Health

“Solid Understanding of HITRUST. Gave me a understanding of HITRUST compared to HITECH, HIPAA and Risk Assessment. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Kenneth McMinn
Scotland County Hospital

“Great information and explanation of how to go through HITRUST certification. Overall Rating of Course: 9. Overall Rating of Instructor: 9.”
Laura Huska
ISI Telemanagement Solutions

“All good content. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Brian Byrnes
Presence Health

“Well prepared slides. It was a great presentation and practical. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Madhav Gogawale
Amita Health

“First time learning about security and policy. Well detailed, thorough, clear to a beginner like me. Sometime repetitive, but the repetition was necessary to drive the main points home. Overall Rating of Course: 9. Overall Rating of Instructor: 10.”
Nila Krishnan

“Overall Rating of Course: 7. Overall Rating of Instructor: 7.”
Jamie Shimarek

“Expertise evident is the strength of the course. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Anil Saldanha
Seamless Technologies Inc.

“Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
John Torr
Cognitive health

“Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
David Degenhart
Amita health

“Experience and expectations of HITRUST are the strength of the course. Overall Rating of Course: 7. Overall Rating of Instructor: 10.”
Ryan Ousey
ROC Biz Tech

“Explanation of HITRUST assessment process is the strength of the course. Very informative and warm workshop. Overall Rating of Course: 10. Overall Rating of Instructor: 10.”
Bryan Villanueva
Trionfo Solutions

“Excellent job Ali! We appreciate your depth of knowledge and guidance for cyber strategy and options to consider. Looking forward to further discussions. Overall rating course: 10. Overall rating of instructor: 10. Strength of program included the breadth of content and correlation to HIPAA, NIST, ISO, and GDPR with HITRUST.”
Roberto Rijos
Konica Minolta Healthcare America (KMHA)

“Overall rating course: 9. Overall rating of instructor: 9 Now able to understand HITRUST and recognize what we need to do next.”
Allen Hiroshiga
Konica Minolta Healthcare America (KMHA)

“Very good Workshop training material. Better knowledge of HITRUST CSF. Overall rating course: 10. Overall rating of instructor: 10. Understandable explanations. Thank you!”
Hiroyuki Kubota
Konica Minolta Healthcare America (KMHA)

“Ali Pabrai delivers the content in an engaging way. Well done! Overall rating course: 10. Overall rating of instructor: 10. Well-structured program. Great overview. Instructor has deep knowledge to respond to specific questions.”
Steve Eisner
Konica Minolta Healthcare America (KMHA)

“Overall rating course: 9. Overall rating of instructor: 10. Covered spectrum of security.”
Tom Deguchi
Konica Minolta Healthcare America (KMHA)

“Covering HITRUST requirements and readiness for completion were the strength of the program. Overall rating course: 10. Overall rating of instructor: 10. “
Johari Barber
Konica Minolta Healthcare America (KMHA)

“Overall rating course: 9. Overall rating of instructor: 9."
Jan Maniscalco
Konica Minolta Healthcare America (KMHA)

“Good information presented in an easy to understand format. Overall rating course: 10. Overall rating of instructor: 10. Knowledgeable instructor. Made it easy to understand the complex world of regulations.”
Todd Hall
Konica Minolta Healthcare America (KMHA)

“The program delivered a real world understanding of HITRUST. Better understand now the steps and approach to take to launch HITRUST. Overall rating course: 10. Overall rating of instructor: 10. Instructor had very good working knowledge of HITRUST. Helped us better understand how to scope and plan for the initial engagement.”
Michael Laconti
Konica Minolta Healthcare America (KMHA)

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”

Private, Onsite Workshop at a large Health System, June 2017

--------------------------------------------------

ecfirst

Trusted by the industry with proven methodology and results

18

Years of experience

25,000+

People trained & certified
by ecfirst

1,000+

Satisfied Customers

In the News

Controls Required for HITRUST Certification, HITRUST Advisory from Ali Pabrai.

Events

Cyber Immune Defense, Featured Presentation by Ali Pabrai at ISSA/ISACA/ISC2 Phoenix Security Conference, Sept. 20, 2018

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), CCSFP (HITRUST) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.