The first step is to determine whether your organization is eligible for Hitrust certification. To be eligible, your organization must:
1. Be a covered entity or business associate under HIPAA
2. Have a current and valid HIPAA Security Rule certification
3. Be in compliance with the HITRUST CSF and have no outstanding corrective action plans
If your organization is eligible for Hitrust certification, the next step is to complete a self-assessment to identify your current level of compliance with the HITRUST CSF. This self-assessment is called a “gap analysis.”
Once you have completed your gap analysis, you will need to submit an application to Hitrust. This application includes a fee and documentation demonstrating your organization’s compliance with the HITRUST CSF.
The Hitrust Alliance offers a number of resources to help organizations understand the benefits of certification and the associated costs. For example, the organization’s website provides an overview of the certification process and requirements, as well as a cost calculator to help organizations estimate the expenses associated with becoming certified. Additionally, the Hitrust Alliance offers webinars and in-person events that provide valuable information on the certification process and how to maximize its benefits. Finally, the organization’s staff is available to answer questions and provide assistance throughout the certification journey.
To become Hitrust certified, organizations must first complete a self-assessment to determine their current level of compliance with the Hitrust Common Security Framework (CSF). Once the assessment is complete, organizations can begin working with a Certified CSF Assessor, who will help them develop and implement a tailored security program that meets the requirements of the Hitrust CSF. The cost of certification will depend on the size and complexity of the organization, as well as the assessor’s fees. However, Hitrust estimates that certification will typically cost between $25,000 and $50,000. This cost includes the fee for the assessment, as well as any necessary consulting or training services. In addition, organizations will need to maintain their certification by paying an annual maintenance fee, which is typically around $5,000. Learn more about Hitrust certification cost from TrustNet