HITRUST Services

The HITRUST CSF Assurance Program Delivers simplified compliance assessment & reporting that addresses healthcare federal, state & industry requirements for both covered entities & their business associates.

HITRUST FAQ

The HITRUST CSF is common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing Procedure and scoring

Read More

HITRUST SOW Request

ecfirst is an authorized HITRUST CSF Assessor. Talk to ecfirst about a complimentary 29-minute HITRUST Exec Brief to learn more about HITRUST and the CSF.

Read More

Complimentary! HITRUST Exec Brief

Learn about the HITRUST CSF From the team of Compliance and cyber Security experts at ecfirst. Schedule a complimentary executive brief (webinar) to talk thru key elements of the HITRUST.

Mail Info

HIPAA Compliance & HITRUST CSF Certification

ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor.

Read More

The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost- containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

The HITRUST self-assessment process enables your organization to establish a baseline of the current state of your policies, processes and controls – all of which are formally documented. We at ecfirst can assist your organization to go through this process and address HITRUST requirements for self-assessment. The self-assessment provides the foundation to identify key enhancements required to be initiated to improve the organization’s security and compliance profile.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification is indicated as CSF Certified on the certification report.

Learn about the HITRUST CSF from the Team of Compliance and Cyber Security experts at ecfirst. Schedule a complimentary executive brief (Webinar) to walk thru key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and finally walk-thru the certification process. Knowledge transfer is at the core for all ecfirst client engagements. The journey of addressing HITRUST requirements may be challenging, and the requirements are comprehensive. We look forward to establishing ecfirst as your trusted partner within your enterprise.

Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirements. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand HITRUST CSF v9 framework & significant changes of CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk thru about added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of 9 Steps Assessment
To attend above webinars, please contact Kris Laidley at +1.515.987.4044 ext 25 or Kris.Laidley@ecfirst.com.

HITRUST CSF 2018 News

This free webinar will outline for you:

  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.

For more details, please contact Kris Laidley at +1.515.987.4044 ext 25 or Kris.Laidley@ecfirst.com.



“ecfirst is a great partner for P3 Health Partners as we work towards HITRUST certification. We started with an extremely tight time frame which required all involved to be focused and dedicated to our objective. ecfirst has been a dedicated partner and provided whatever resources were needed for us to accomplish our goals. Every person from ecfirst has been professional and knowledgeable. They have continuously gone up and beyond expectations and truly been a partner that cares about their clients. I look forward to our continued partnership because I know they have our best interest in mind.”
Devery Goodey, Vice President of Information Systems
P3 Health Partners



“I just wanted to take a moment and say thank you. Thank you and the excellent team at ecfirst for hard work, late hours, and diligence during the first round of our HITRUST certification, and now working on our annual risk management and HIPAA compliance assessment.”

“We at BRG are always looking to improve and enhance our compliance and cybersecurity posture. This is an area of executive and strategic priority for our organization to secure confidential client information. From HIPAA compliance, cybersecurity pen tests, to the HITRUST certification engagement, we have found ecfirst to be an exceptional partner that labored incredibly hard for us, with us. The ecfirst insight and diligence to ensuring HITRUST certification mandates are met led to us completing our engagement on budget and time. We look forward to deeper collaboration with ecfirst in the cybersecurity space in the future. I know you are personally committed and engaged to ensure BRG success with each engagement. I continue to recommend ecfirst highly and often!”
Chip Goodman, Vice President of Information Technology
Berkeley Research Group, LLC



“BrightOutcome is focused in improving patient health outcomes across the continuum of care. BrightOutcome is deeply committed to securing patient information across our systems and Web-based applications. We have been working with Ali Pabrai and his wonderful team at ecfirst since 2012.”

“The ecfirst team literally helped us build our HIPAA practices from ground up, allowing us to offer secure HIPAA-compliant eHealth and health IT solutions to our customers across the U.S. We are actively taking the logical next step in working with ecfirst to pursue the HITRUST certification in order to further expand our market. We see the partnership with ecfirst as an integral part of our business strategy and have been extremely satisfied with the quality and value of the services that ecfirst has rendered.”
DerShung Yang, PhD, Founder & President
BrightOutcome


“I have 20+ years of experience in the Healthcare IT industry in a variety of roles including Cybersecurity software and services. During this time, I have seen numerous speakers on the topic of Cybersecurity and Ali Pabrai is among the best.”

“He covers the state of the industry, healthcare-specific regulations, process, product, best practices and call- to-action takeaways in a manner that can be understood at multiple levels including technical, clinical, supply chain, and executive.”

“Ali also weaves in stories and humor to keep the audience engaged on what can be a dry yet frightening topic. I highly recommend Ali Pabrai as a speaker, trainer and consultant in this area.”
Chris Liburdi, Director – Business Development
Srcg Ops – Business Technology


“Provant Health partnered with ecfirst to build a plan and assist in executing it with the goal of achieving HITRUST certification.”

“Ali Pabrai and his team were flexible, collaborative, and most importantly patient as we worked to educate our management team and key employees on the meaning and value of HITRUST. Due to many internal corporate changes, the first phase of the project took much longer than planned but ecfirst stayed with us the whole way. They pushed our team when needed but also stepped back and gave us room at times.”

“I’d recommend ecfirst to any company who wants to understand HITRUST or work on assessing and remediating their processes and systems in preparation for certification.”
Tom Basiliere, Chief Information Officer
Provant Health


HITRUST Cybersecurity Strategy Workshop

“The course is very informative. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Amanda Geers
Hoag Hospital

“Better understanding of HITRUST connection between Policies, Procedures and Evidence. Overall rating of the Course: 9. Overall rating of the Instructor: 9.”
Ronnie Beekee
Hoag Hospital

“Good Information. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
James Ablan Go
Hoag Hospital

“Good overview of security to achieve HITRUST maturity. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Waleed Bassyoni
Hoag Hospital

“Very well-structed and helped me to understand easily. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dara Huston
DMN Tech

“Broad real-world experience, not just technical overlay. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Christina Whitlock
H3 Strategies

“Clearly outlined the HITRUST compliance program, and the importance of scoping. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dhara Shah
Student

“The workshop helped me to understand technical aspects clearly. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Shahram Ghobadi

“The workshop explained me the value of HITRUST. The course solidified my desire to obtain this certification. Overall rating of the Course: 9. Overall rating of the Instructor: 10.”
Ken Mickelson
Printer Logic

“The topics helps us to become HITRUST professional. I have gone through the CHP and CSCSTM. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Chris Bosque
Printer Logic

“Before coming to the course, I knew little. But at the end of the course, I just nailed it than I thought. Showed the process and what to expect with HITRUST. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Soh Beela
Printer Logic

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”

--------------------------------------------------