HITRUST Services

The HITRUST CSF Assurance Program Delivers simplified compliance assessment & reporting that addresses healthcare federal, state & industry requirements for both covered entities & their business associates.

HITRUST FAQ

The HITRUST CSF is common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing Procedure and scoring

Read More

HITRUST SOW Request

ecfirst is an authorized HITRUST CSF Assessor. Talk to ecfirst about a complimentary 29-minute HITRUST Exec Brief to learn more about HITRUST and the CSF.

Read More

Complimentary! HITRUST Exec Brief

Learn about the HITRUST CSF From the team of Compliance and cyber Security experts at ecfirst. Schedule a complimentary executive brief (webinar) to talk thru key elements of the HITRUST.

Mail Info

HIPAA Compliance & HITRUST CSF Certification

ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor.

Read More

The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost- containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

The HITRUST self-assessment process enables your organization to establish a baseline of the current state of your policies, processes and controls – all of which are formally documented. We at ecfirst can assist your organization to go through this process and address HITRUST requirements for self-assessment. The self-assessment provides the foundation to identify key enhancements required to be initiated to improve the organization’s security and compliance profile.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification is indicated as CSF Certified on the certification report.

Learn about the HITRUST CSF from the Team of Compliance and Cyber Security experts at ecfirst. Schedule a complimentary executive brief (Webinar) to walk thru key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and finally walk-thru the certification process. Knowledge transfer is at the core for all ecfirst client engagements. The journey of addressing HITRUST requirements may be challenging, and the requirements are comprehensive. We look forward to establishing ecfirst as your trusted partner within your enterprise.

Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirements. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand HITRUST CSF v9 framework & significant changes of CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk thru about added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of 9 Steps Assessment
To attend above webinars, please contact Kris Laidley at +1.515.987.4044 ext 25 or Kris.Laidley@ecfirst.com.

HITRUST CSF 2018 News

This free webinar will outline for you:

  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.

For more details, please contact Kris Laidley at +1.515.987.4044 ext 25 or Kris.Laidley@ecfirst.com.


“Thank you again for the presentation by Pabrai at the HITRUST 2019 Global Conference in Texas. My opinion was that Pabrai delivered the best presentation of the conference. Very professional, thoughtfully constructed, and presented with passion.”
Neal Francom | Compliance and Audit
OODA Health



“I attended Pabrai’s HITRUST (Kaizen) at the HITRUST 2019 Global Conference. I thought it was the best session of the show. I appreciated the approach and content.”
Todd Heinz | Enterprise Security Risk Management Practice
Heartland Business Systems




“ecfirst is a great partner for P3 Health Partners as we work towards HITRUST certification. We started with an extremely tight time frame which required all involved to be focused and dedicated to our objective. ecfirst has been a dedicated partner and provided whatever resources were needed for us to accomplish our goals. Every person from ecfirst has been professional and knowledgeable. They have continuously gone up and beyond expectations and truly been a partner that cares about their clients. I look forward to our continued partnership because I know they have our best interest in mind.”
Devery Goodey, Vice President of Information Systems
P3 Health Partners



“I just wanted to take a moment and say thank you. Thank you and the excellent team at ecfirst for hard work, late hours, and diligence during the first round of our HITRUST certification, and now working on our annual risk management and HIPAA compliance assessment.”

“We at BRG are always looking to improve and enhance our compliance and cybersecurity posture. This is an area of executive and strategic priority for our organization to secure confidential client information. From HIPAA compliance, cybersecurity pen tests, to the HITRUST certification engagement, we have found ecfirst to be an exceptional partner that labored incredibly hard for us, with us. The ecfirst insight and diligence to ensuring HITRUST certification mandates are met led to us completing our engagement on budget and time. We look forward to deeper collaboration with ecfirst in the cybersecurity space in the future. I know you are personally committed and engaged to ensure BRG success with each engagement. I continue to recommend ecfirst highly and often!”
Chip Goodman, Vice President of Information Technology
Berkeley Research Group, LLC



“BrightOutcome is focused in improving patient health outcomes across the continuum of care. BrightOutcome is deeply committed to securing patient information across our systems and Web-based applications. We have been working with Ali Pabrai and his wonderful team at ecfirst since 2012.”

“The ecfirst team literally helped us build our HIPAA practices from ground up, allowing us to offer secure HIPAA-compliant eHealth and health IT solutions to our customers across the U.S. We are actively taking the logical next step in working with ecfirst to pursue the HITRUST certification in order to further expand our market. We see the partnership with ecfirst as an integral part of our business strategy and have been extremely satisfied with the quality and value of the services that ecfirst has rendered.”
DerShung Yang, PhD, Founder & President
BrightOutcome


“I have 20+ years of experience in the Healthcare IT industry in a variety of roles including Cybersecurity software and services. During this time, I have seen numerous speakers on the topic of Cybersecurity and Ali Pabrai is among the best.”

“He covers the state of the industry, healthcare-specific regulations, process, product, best practices and call- to-action takeaways in a manner that can be understood at multiple levels including technical, clinical, supply chain, and executive.”

“Ali also weaves in stories and humor to keep the audience engaged on what can be a dry yet frightening topic. I highly recommend Ali Pabrai as a speaker, trainer and consultant in this area.”
Chris Liburdi, Director – Business Development
Srcg Ops – Business Technology


“Provant Health partnered with ecfirst to build a plan and assist in executing it with the goal of achieving HITRUST certification.”

“Ali Pabrai and his team were flexible, collaborative, and most importantly patient as we worked to educate our management team and key employees on the meaning and value of HITRUST. Due to many internal corporate changes, the first phase of the project took much longer than planned but ecfirst stayed with us the whole way. They pushed our team when needed but also stepped back and gave us room at times.”

“I’d recommend ecfirst to any company who wants to understand HITRUST or work on assessing and remediating their processes and systems in preparation for certification.”
Tom Basiliere, Chief Information Officer
Provant Health


HITRUST Cybersecurity Strategy Workshop

“Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Bhavesh Merai
Walgreens

“Very informative. Provided me great direction on what to do to move organization towards HITRUST Certification. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Tom Streeter
Healthcare Information Management

“Very good overview of HITRUST requirements. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Jeff Beall
Amita Health

“Well prepared. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Rob Royse
St. Louis County BPM

“Very informative. Information was detailed, and session very informative. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
Oai Huynh
Revenuewell Systems LLC

“Very informative. Picked up new information even after being very familiar with the process workflow having gone through it. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Bryan Villanueva
TriOnfo

“Great overview of HITRUST, assessment process and certification process. Ali is an engaging speaker who can make the topic of cybersecurity interesting. This workshop gives a really well-structured high-level overview of HITRUST. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Suresh Krishnan
Mazik Global

“Great presentation with energetic and passionate delivery. Allowed great questions from the audience. Awesome to have matter of fact answers. I hope to learn more about HITRUST and its capabilities in the future, so, I can continue to support my team and manager. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Blandi Lister
Telligen

“The strength of the HITRUST Workshop is pulling the diverse group together and providing excellent training materials. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Villay Himis
Amita Health

“Practical approach to HITRUST journey. Overall rating of the HITRUST Workshop: 9. Overall rating of the Instructor: 9.”
D.S. Suresh Kumar
Wishbone Club

“Really informative. Instructors were very knowledgeable; Michael from HITRUST was a great resource to have in the workshop. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Juan Busanest
U.S. Army/Brooke Army N.C.

“In-depth industry knowledge. The workshop provided more insight and information to streamline HITRUST certification. In other-words, the workshop demystified HITRUST. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Vanessa Jacobs
Integration Link LLC

“Flowed well. Discussed current changes to CSF and what is coming on the next 12 months. Ali Pabrai and his Team are very engaging and are really knowledgeable in all steps throughout the HITRUST certification process. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Scott Moherek
BRG

“Depth of knowledge and HITRUST executive onsite were the greatest strength of the program. Valuable to see this available to all ecfirst clients and potential clients. Overall rating of the HITRUST Workshop: 10. Overall rating of the Instructor: 10.”
Chip Goodman
BRG

“The course is very informative. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Amanda Geers
Hoag Hospital

“Better understanding of HITRUST connection between Policies, Procedures and Evidence. Overall rating of the Course: 9. Overall rating of the Instructor: 9.”
Ronnie Beekee
Hoag Hospital

“Good Information. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
James Ablan Go
Hoag Hospital

“Good overview of security to achieve HITRUST maturity. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Waleed Bassyoni
Hoag Hospital

“Very well-structed and helped me to understand easily. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dara Huston
DMN Tech

“Broad real-world experience, not just technical overlay. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Christina Whitlock
H3 Strategies

“Clearly outlined the HITRUST compliance program, and the importance of scoping. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Dhara Shah
Student

“The workshop helped me to understand technical aspects clearly. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Shahram Ghobadi

“The workshop explained me the value of HITRUST. The course solidified my desire to obtain this certification. Overall rating of the Course: 9. Overall rating of the Instructor: 10.”
Ken Mickelson
Printer Logic

“The topics helps us to become HITRUST professional. I have gone through the CHP and CSCSTM. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Chris Bosque
Printer Logic

“Before coming to the course, I knew little. But at the end of the course, I just nailed it than I thought. Showed the process and what to expect with HITRUST. Overall rating of the Course: 10. Overall rating of the Instructor: 10.”
Soh Beela
Printer Logic

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.”

“Strength of the program was the interaction.”

“The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Strength of the program was the foundation provided for future direction for compliance and cyber security.”

I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

Interactivity was a strength of the program.”

“Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The overall complexity of HITRUST was covered well in the program.”

“Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.”

“The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.”

“Knowledge based, fast paced, easy to follow. Very informative course!!!”

“The practical aspect of the workshop was important.”

“The overview of HITRUST was well done.”

“Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.”

“Fun, good presenters, good presentation material.”

“Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!”

“Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.”

--------------------------------------------------