Skip to content
Talk to an Expert
FREE ASSESSMENT | 3 Minutes

Is HITRUST right for your business?

Obtaining a HITRUST Validation with Certification can provide a competitive advantage — opening paths to larger enterprise organizations and meeting contractual obligations when selling to some companies. But with multiple assessment pathways, each with its unique requirements and timelines, determining if HITRUST (and which assessment) is right for your business can be complex. 

Navigate the complexity with our brief assessment and get your personalized recommendation from our HITRUST experts!

 

Do you collect health information from a hospital or insurance plan?

Is your product an FDA-approved treatment?

Are you selling the treatment to the insurance plans?

Are you improving healthcare outcomes with data?

Is the product designed for revenue cycle management?

Do you offer IT services to companies that collect health information?

Do you host system that process health information?

Is your business a health system or insurance plan?

Does your product roadmap include offerings that require processing of health information?

RESULTS

HITRUST might not be the right fit for your organization, but Thoropass can help you with all your compliance needs.

We determined that your business model does not fall within the most common use cases for HITRUST assessment and certification. However, we believe that further exploration of compliance solutions, including the possibility of HITRUST certification, could still be beneficial for your organization.

You may have a niche and unique product, in which case we are excited to learn more about your business and help you determine if HITRUST is the right fit for your compliance needs. Ensuring the security and privacy of sensitive data is essential for any organization, and the HITRUST framework offers a comprehensive and flexible approach to achieving this goal.

Talk to one of our dedicated compliance experts to learn more.
RESULTS

We would recommend HITRUST for your business!

After a preliminary review of your business model and the circumstances surrounding your FDA-approved treatment, we recommend that your organization pursue a HITRUST i1 assessment unless you are contractually obligated to achieve a HITRUST r2 Certification.

Get your complete recommendation from our team of HITRUST experts! 
RESULTS

We would recommend HITRUST for your business!

After a preliminary review of your business model and the circumstances surrounding your healthcare outcomes solution, we would like to recommend that your organization pursue a HITRUST i1 assessment, unless you are contractually obligated to achieve a HITRUST r2 Certification.

Get your complete recommendation from our team of HITRUST experts! 
RESULTS

We would recommend HITRUST for your business!

After a preliminary review of your business model and the circumstances surrounding your healthcare outcomes solution, we would like to recommend that your organization pursue a HITRUST i1 assessment, unless you are contractually obligated to achieve a HITRUST r2 Certification.

Get your complete recommendation from our team of HITRUST experts! 
RESULTS

We would recommend HITRUST for your business!

After a preliminary review of your business model and the circumstances surrounding your IT offerings, which involves hosting customers that require HITRUST certification, we would like to recommend pursuing a HITRUST r2 assessment.

Get your complete recommendation from our team of HITRUST experts! 
RESULTS

We would recommend HITRUST for your business!

The healthcare industry has been increasingly exposed to security risks and threats in recent years. While insurance companies and healthcare providers often have the negotiating power to avoid spending on HITRUST compliance, we would like to recommend the adoption of HITRUST e1 assessment of the most sensitive systems as a best practice for enhancing security posture and protecting sensitive data.

Get your complete recommendation from our team of HITRUST experts! 
RESULTS

We would recommend HITRUST for your business!

Considering your organization's plans to go to market with new offerings or further explore product-market fit, we would like to recommend pursuing a HITRUST e1 assessment. This certification will not only open new markets and opportunities but also serve as a stepping stone to higher levels of assurance, ensuring a strong foundation for your future growth.

Get your complete recommendation from our team of HITRUST experts! 

What are the types of HITRUST assessments?

E1 Asessment HITRUST Essentials, 1-Year (e1) Assessment

Offers entry-level assurance focused on the most critical cybersecurity controls and demonstrates that essential cybersecurity hygiene is in place.

Number of HITRUST CSF Requirements: 44 (Year 1), 44 (Year 2)
I1 Assessment HITRUST Implemented, 1-Year (i1) Assessment

Provides a moderate level of assurance that addresses cybersecurity leading practices and a broader range of active cyber threats than the e1 assessment.

Number of HITRUST CSF Requirements: 182 (Year 1), ~60 (Year 2 with Rapid Recertification)
R2 assessment HITRUST Risk-based, 2-year (r2) Assessment

A high level of assurance that focuses on a comprehensive risk-based specification of controls with an expanded approach to risk management and compliance evaluation.

Number of HITRUST CSF Requirements: ~375 Avg. (Year 1), ~40 (Year 2 Interim Assessment)