HITRUST Certification

HITRUST Certification, in accordance with our mission, is fundamentally geared towards bettering the information security programs and governance for the healthcare industry. HITRUST designed the Certification program in a phased approach to allow organizations to become certified initially and continually improve as the CSF evolves. Phase 1 Certification focuses on mitigating the top issues the industry is struggling with that are resulting in the most significant breaches of protected health information.

The HITRUST Certification requirements are developed based on ISO 27006:2007 and enhanced incorporating the expertise and best practices of top services firms and certifying organizations. This ensures a practical approach to Certification is taken, allowing organizations of varying size and complexity to become certified.

Certification Tiers

HITRUST Certification includes two tiers, which have been prioritized based on the size and the volume of business of an organization. This requires organizations with a higher threat exposure and increased potential risk to be certified by a HITRUST Accredited third party assessor.

Organizations seeking certification must also have an authorized representative submit a completed Certification Registration Form to certification@HITRUSTalliance.net or by fax to (800) 587-2241.

View a complete list of certification guidelines in the HITRUST Certification Guidelines

HITRUST Central

Access the CSF and subscribe to the online community specifically for healthcare information security professionals.

CSF Assurance Program

Learn how the program simplifies compliance assessment and reporting through a common set of information security requirements.

News Events