HITRUST

DirectTrust is an Authorized HITRUST Assessor specializing in accreditation and certification for healthcare organizations

Use Our Healthcare Accreditation Expertise For Your HITRUST Assessment

HITRUST certification demonstrates your commitment to the highest standards of data privacy and security. HITRUST’s Common Security and Privacy Framework (CSF) contains controls spanning different privacy and security regulations and requirements, as well as international, federal, and state legislation. Within the HITRUST CSF is the Risk-based, 2 Year (r2) Validated Assessment. r2 is recognized by various industry outlets as a gold standard in demonstrating protection and compliance of handling sensitive health information. For instance, the Trusted Exchange Framework and Common Agreement (TEFCA) specifies HITRUST r2 Certification for potential QHINs.

HITRUST authorizes external assessors to perform assessments and services associated with the HITRUST Assurance Program and the HITRUST CSF. DirectTrust is a proud authorized HITRUST assessor, with the unique quality of also being an non-profit accreditation body ourselves.

DirectTrust provides 20+ specific healthcare programs governed by EHNAC which include but are not limited to HIE’s, ePrescribers, clearinghouses and billing organizations. Each program contains many stakeholder specific requirements unique to each program and their data handling responsibilities. While programs are unique, the inclusion of privacy, security, and other healthcare-specific safeguards is consistent.

Our Assessors average 28 years of healthcare experience, and are experts in healthcare accreditation. If you’re looking for a HITRUST Assessor with healthcare accreditation expertise to guide you through the process, look no further than DirectTrust.

Apply for HITRUST

Partner with the healthcare experts at DirectTrust for your HITRUST Assessment

Apply Now

What Our Clients Say

“Because the healthcare industry is continuously faced with data and security issues involving PHI, it is important to us at Alpha II to not only provide credibility, but to also add strength to our technology solutions. The HITRUST CSF® certification of our solutions proves our commitment to maintaining the integrity of healthcare data for our partners and clients by providing a stamp of approval from a recognized independent source. EHNAC’s HITRUST Assessor has been instrumental in helping Alpha II complete our HITRUST Certification and HITRUST Interim Review in a timely manner.”

-Stuart Newsome, CPCO, VP, Corporate & Client Experience, Alpha II

“MedAllies decided to pursue HITRUST CSF certification to achieve security maturity levels meeting both industry best practices and regulatory requirements. Based on excellent past experiences with EHNAC, MedAllies chose to partner with them again as its HITRUST third party assessor. While the HITRUST process can be rigorous from attestation to validation with its breadth of domains and controls, EHNAC has made the experience as efficient as could be with utmost professionalism and deep knowledge of the framework.”

-Ethan Yehud, Chief Information Security Officer, MedAllies

Why choose DirectTrust as your HITRUST Assessor?

By selecting DirectTrust as your organization’s HITRUST Assessor, you’ll have a healthcare accreditation expert as your partner. 

DirectTrust Assessors are also HITRUST Practitioners, meaning that, in many cases, the review process to obtain HITRUST CSF certification and DirectTrust accreditation governed by EHNAC is likely to be streamlined and may reduce costs.

Benefits include:

  • DirectTrust is a non-profit with extensive experience in healthcare accreditation and certification
  • Organizations achieving HITRUST certification have 100% of their privacy and security credited to their DirectTrust accreditation
  • Organizations with existing DirectTrust accreditation have the majority of their HIPAA-related privacy and security controls developed to apply to HITRUST CSF
  • DirectTrust Assessors are also HITRUST Practitioners, making it easier for organizations to undergo audits
  • Obtaining both HITRUST CSF certification and DirectTrust accreditation at the same time significantly reduces the time, expense, and redundancy needed to prepare documentation and undergo required site visits.
  • DirectTrust participates in key HITRUST workgroups, influencing the privacy and security requirements in future CSF versions.

Are you looking for hands-on support to help you through the pre-assessment steps, readiness planning process and more? Learn about our Consulting and Advisory Services which have been designed to support HITRUST Certification.

Learn Why DirectTrust Should be Your Assessor

Apply for HITRUST Assessment

DirectTrust is proud to be an Authorized External Assessor for HITRUST Assessment.  Our experience in health tech accreditation and certification, as well as our non-profit status, makes us an experienced and standout HITRUST Assessor choice. 

To move forward with DirectTrust as your HITRUST Assessor, follow the steps in the following tabs. 

Complete your DirectTrust Accreditation Application

Begin the process of selecting DirectTrust as your HITRUST Assessor by completing the DirectTrust Accreditation Application, available here.

Purchase “MyCSF Subscription and Report” from HITRUST

Purchased at least the Professional license level of MyCSF by filling out the form on this HITRUST page or calling HITRUST at 855-448-7878.

Learn about the HITRUST Process and MyCSF Tool

More information about the HITRUST MyCSF tool is available in these tutorial videos from HITRUST.  

Complete Administrative and Scoping Information

Once a subscription to MyCSF has been obtained, enter your organization’s Administrative and Scoping Information (also known as “Risk Factors”) into MyCSF (go to 4:25 in the MyCSF video).  Within that section, ensure the following:

  • Select one of the following as the Assessment Option:
    • CSF Security Assessment,
       CSF Security & Privacy Assessment,
       CSF Comprehensive Security Assessment, or
       CSF Comprehensive Security & Privacy Assessment
  • Select “Validated Assessment” as the Assessment Type
    • By selecting Validated Assessment as the Assessment Type, you will in the end either receive a Validated Report or a Validated Report with Certification, depending on your score.
  • Select DirectTrust as the Assessor Organization

After completing the Factors section, press the “Preview Assessment Count” (not shown in the video, but found at the bottom of the Factors screen) to see the number of Requirement Statements (also known as “Implementation Requirements”) that will be assessed. This number must be reported to DirectTrust for scoping and pricing purposes.

Statement of Work (SOW) 

DirectTrust will create and send candidates a Statement of Work, which will review pricing and review the scope of work to be completed. A call will be scheduled to review the SOW and determine any adjustments necessary to finalize, approve and execute the SOW and commence the assessment with the agreed upon timeline.

Complete Validated Assessment and Participation Agreement Forms

Within the MYCSF tool complete theses forms to demonstrate the relationship between the Candidate and the Assessor:

  • HITRUST Validated Assessment Form
  • 3rd Party Participation Agreement

Identity FAQs

Learn More about DirectTrust Identity

Trust Frameworks

Learn More about Trust Frameworks