Self Assessment
A self assessment allows both healthcare organizations and their business associates to benefit from a low-cost and industry-accepted approach to assessing the state of their information protection practices and communicating the results in simple terms internally and to third parties.
Organizations choosing to conduct a self assessment can do so by licensing the HITRUST Common Health Information Protection (CHIP) Questionnaire. By utilizing the CHIP Questionnaire, organizations will benefit from an innovative, new approach over traditional check box assessments by focusing on the key measures that will reflect the maturity of a security program and highlight control weaknesses that are most likely to result in a breach.
Upon submission of the completed questionnaire to HITRUST, organizations will receive a CSF Validated report with the assessment results that can be used to report the state of their security to multiple internal and external parties (e.g., state and federal agencies, HIOs, customers, healthcare organizations, business associates). HITRUST offers both a single use and multi-use option for organizations wanting to communicate the assessment results to third parties. Organizations wishing to undergo a remote or onsite assessment must engage with a HITRUST CSF Assessor.
HITRUST offers two pricing options based on the reporting needs for organizations choosing to conduct self assessments. For $500, qualified organizations* can purchase a license to the CHIP Questionnaire, submit the completed questionnaire to HITRUST, and receive a CSF Validated report that may be distributed one time. This option is not available to unqualified organizations. For organizations wishing to have unlimited distribution of the report, a Professional subscription to HITRUST Central can be purchased for $2,375 for qualified organizations or $3,375 for unqualified organizations. A Professional subscription also provides access to the online, interactive version of the HITRUST Common Security Framework (CSF) and the CSF Assurance Toolkit, which includes the CHIP Questionnaire as well as the CSF Compliance Worksheet and supplemental assessment templates. Contact sales@HITRUSTalliance.net for more information.
License the CHIP Questionnaire.
Purchase a Professional subscription to HITRUST Central.
* A qualified organization is any organization employing a function or activity involving the use or disclosure of individually identifiable health information, provided that said organization does not provide technology or security products or services. Additionally, any federal, state, or local agency or department may qualify for a Standard subscription. HITRUST has the right to verify eligibility.
Read the data sheet to learn more about the benefits of conducting a self assessment and becoming CSF Validated.
