Scoping involves the identification of:
Based on the outcome of phase I, a combination of approaches is applied by Coral HITRUST consultants to conduct the gap analysis.
Coral consultants will provide detailed recommendations for each identified gap with their recommendations.
Based on the gaps and maturity status from phase II, the implementation journey begins:
Upon the completion of the implementation phase, Coral performs monthly tests of controls to ensure that designed controls are operating effectively.
At this stage:
We facilitate the external HITRUST assessment by providing all the support clients need to achieve successful compliance.
Before an organization applies for any of the HITRUST certifications(e1. i1 or r2), the organization has to implement the requirements. This involves conducting as-is analysis, addressing the identified gaps, policy, and procedure documentation, and a monitoring period for three months (cooling off period) before starting the HITRUST assessment
At least three - a HITRUST consultant, HITRUST assessor and the HITRUST itself. Unlike the ISO and SOC 2 world, the certification organization (HITRUST) is also involved.
e1 and i1 reports are valid for 1 year, r2 is valid for 2 years.
It applies to all covered entities and business associates - who wish to demonstrate a higher level of assurance to processing ePHI.
The total cost of ownership involving three parties in three different reports can be in a range of:
HIPAA is a law that aims to protect ePHI. HITRUST is an institution that was created to endorse a HIPAA-compliant organization.
Coral came to the assignment as a result of the development partner who was responsible for the development of the application and maintenance in Azure.
For Coral, the engagement was to ensure the application and the underlying infrastructure using Azure reached successful HITRUST certification.
In the end, Coral assisted the client in implementing all the requirements, which resulted in achieving a successful HITRUST certification.