"> HITRUST FAQs – Drummond Group

HITRUST FAQs

  • The Health Information Trust Alliance (HITRUST®) is an independent non-profit company that acts as a certification body for healthcare organizations and those providing services to healthcare organizations. www.hitrustalliance.net

  • Healthcare organizations such as CVS Caremark, Health Care Services Corp., Highmark, Humana, United Healthcare Group, and WellPoint now require their service providers to be HITRUST certified.

  • The HITRUST Common Security Framework (CSF), developed in collaboration with healthcare and security experts, is a certifiable, information security framework that provides organizations with an actionable roadmap tailored to the unique needs of the healthcare industry. To date, the HITRUST CSF is the most widely adopted security framework in the U.S. healthcare industry and has become the de facto standard. For more information on the HITRUST standard go to: www.hitrustalliance.net

  • The latest CSF® can be downloaded here: https://hitrustalliance.net/hitrust-csf/

  • Becoming HITRUST® certified is a significant competitive advantage and is becoming necessary to perform services in the healthcare field. Many healthcare organizations are now requiring their Business Associates/Service Providers that either capture, store, or process Protected Health Information (PHI) to become HITRUST® CSF® Certified. This is a necessary step to ensure that their Business Associates/Service Providers have established adequate controls to protect PHI and comply with the HIPAA Privacy, Security, and HITECH regulations. The number of controls that will be scope will depend on the answers provided in your HITRUST® Scoping Spreadsheet. Please answer the HITRUST® Scoping Questionnaire that we will send once you fill out our Registration.

  • At a minimum you must show you have a policy, procedure, and proof of implementation for each in-scope control.

  • It takes approximately six months to get certified.

  • It takes four to six weeks for HITRUST® to do their quality assurance review and issue the certification report.

  • Our fee depends on the number of HITRUST® CSF® controls in scope. To assess this, we start with the HITRUST® Scoping Questionnaire.

  • The HITRUST® fee is based on your annual revenue. We will provide a pricing sheet as a part of the process.

  • We have created a set of ten screening questions to ensure that you get the best fit with your HITRUST® Assessor.

  • Yes, our system has been developed over the last four years to get your organization HITRUST® Certified as quickly and inexpensively as possible.

  • Yes, we guide you every step of the way. Our Drummond proven methodology and process includes daily collaboration with your assigned HITRUST® Assessor.

  • We’ve worked with companies of all types, including cloud providers, data analytic companies, data centers, third party processors, health care organizations, SaaS providers, print companies, medical device companies, and wellness companies.

  • Absolutely! We have a lot of happy customers. We will be happy to provide references.

  • We provide our services to clients all over the world, but the Drummond Group only uses U.S. based HITRUST® Practitioners.

  • No, all our resources are HITRUST® Certified Assessors.

  • We only use senior HITRUST® Assessors with 20+ years of experience. Our Assessors have the leading industry security and compliance certifications.

  • A lot of organizations overlook this aspect. You are going to be working with your HITRUST® Assessor for quite a while. Our people are pleasant to work with, and have a good sense of humor, just ask our references.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.