"> What is HITRUST CSF® Certification and Does My Organization Need It? – Drummond Group

What is HITRUST CSF® Certification and Does My Organization Need It?

What is HITRUST CSF® Certification and Does My Organization Need It? 600 445 Drummond Group

You’ve just been told by some healthcare company you hope to do business with that you need HITRUST CSF Certification for them to consider your organization. Suddenly the words “what is HITRUST?” are echoing through your brain. As you Google HITRUST® you are probably finding the information is creating more questions.

Organizations including Anthem, Health Care Services Corp., Highmark, Blue Cross Blue Shield, Humana, and UnitedHealth Group require their business associates to obtain HITRUST CSF Certification to protect patient health information. As data breaches are the highest in the healthcare industry, it is important to protect patient safety and privacy.

Organizations are realizing that securing data and being able to demonstrate that compliance with international standards is no longer an option but a requirement.  As the number of data breaches and the theft of personal information continues to increase, certifications such as HITRUST are gaining in popularity as they set standards for security, privacy, and compliance.

HITRUST, which was founded back in 2007. The mission behind HITRUST is to safeguard sensitive information, manage information risk, and establish unified compliance standards for organizations across all sectors, throughout the third-party supply chain.

In January 2020, HITRUST updated guidance for the assessment of HITRUST CSF control requirements using the HITRUST CSF control maturity model, evaluation, and scoring methodology.

HITRUST also provided a more robust version of its original HITRUST CSF control maturity scoring rubric by addressing each level of the HITRUST CSF maturity model independently. This improved scoring rubric helps our assessors work with your team to apply HITRUST assessment guidance appropriately and to improve internal and external consistency of maturity ratings and scores.

Everyone on the Drummond team has extensive experience with the latest HITRUST requirements, the HITRUST MyCSF®, and the HITRUST Scoring Rubric.  Our assessors are ready to help you ensure your information risk management programs meet the HITRUST requirement for the validated assessment.  A HITRUST CSF Certification is good for 2 years.  You can get certified now on version 9.4 and be certified until 2023.

Ensure success with Drummond HITRUST Services, fill out the form to schedule a free one-hour consultation with our HITRUST expert to get started on your journey.


Consult with a HITRUST Assessor.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.