• HITRUST®, or the  Health Information Trust Alliance, established the HITRUST® Common Security Framework  (CSF)
  • HITRUST® certification assures customers that your organisation has a governnace progran that is aimed at securing electronic Protected Health Informtion (ePHI)
  • HITRUST® has more than 595 requiements, not all may apply to your business.*
  • In Coral we help cllients implement industry practice to fulfill these prractices through a 5 phase project plan.
  • With 18 years in consulting, we have succesful implementation methdology that will ensure you achieve ROI on the invested subject, and ePHI security in your business lifecycle.

Kindly share your details for HITRUST® requirements

What are the 5 phases of reaching HITRUST® implementation?

Phase I – Understanding Business context, and scope of systems

This is generally starts with having sssions with management or their key leadrship teams to determine why HITRUST® is needed, and where is ePHI. This results in determnining scope of compliance.

Phase II – Gap Analysis/Risk Assessment

We have a 4 layer risk assessment using which we determine the degre of current controls implemented. Gaps identified are treated through the subsequent phases of the project journey.

Phase III – Strategy/Policy/Procedure Documentation

In this phase we discuss and develop stategies, policies and procedures. This phase takes generally a longer time that others as the represntatives have to review and approve, and sometimes requires changes in the way they perform a certain process.

Phase IV – Monitoring and Measurement

In order for an organistaion to reach level 4 and level 5 an ongoing measurement process needs to be in place.
Based on the organisation requirement and agreement, we perform the measurement and provide a scoring against controls.
This gives the management an objective view of HITRUST® implementation.

Phase V – External HITRUST® support

We support your external audit journey thereby ensuring that you achieve successful certification.

What are 19 Domains of HITRUST®?
  • Information Protection Program
  • Endpoint Protection
  • Portable Media Security
  • Mobile Device Security
  • Wireless Security
  • Configuration Management
  • Vulnerability Management
  • Network Protection
  • Transmission Protection
  • Password Management
  • Access Control
  • Audit Logging and Monitoring
  • Education, Training, and Awareness
  • Third-Party Assurance
  • Incident Management
  • Business Continuity and Disaster Recovery
  • Risk Management
  • Physical and Environmental Security
  • Data Protection and Privacy
What is HITRUST® Maturity?
With HITRUST® report you get a score of 1 to 5 depending on the followings:
  • Policy – this is achieved when you have a documented policy in line with HITRUST® requirement
  • Procedure – This is when you describe how you achieve the policy objectives. This involves documenting people, process and technology references.
  • Implementation – This is when you provide the evidence of the implementation in line with policy and procedure.
  • Measured – This is when you ‘quantitatively’ demonstrate the effectiveness of a control is in place. This can be a minimum period of say 3 months, which provide a reasonable assurance of control measurement.
  • Managed – This is when you show how identify risks, deviations, opportunities for improvements, and track till closure.
  • If you are chosing beyond HIPAA, and wish to get certified on additional CSF such as SOC 2 or one of the paplicable legislations, there can be additial requirements.
Documentation Toolkit

HITRUST® requires documentation of policies, procedures and records. As a result of several consulting assignments, we have some of the best content available that covers all the requirements.

Our documentation has the following salient features:

  • Alignment with all HITRUST®-documentation requirements
  • Our experiences turned into documentation templates
  • Project Tracking tools to support the implementation
  • Q & A support

Upon receiving your request, we will provide you further details.

Annual Risk Assessment

Risk Assessment is a mandatory requirement for achieving and maintaining HITRUST®. We have one of the most comprehensive risk assessments that comprises asset, controls and security policy objective wise risk assessment. Let us know if you are interested.

Upon receiving your request, we will provide you further details.

Program Management

Our consulting methodology experience has helped us to understand – what it takes to design and maintain a successful HITRUST® compliance. HITRUST® Program managemen removes the compliance responsibility to an external team, whereas the management focuses on customer/business delivery.

We currently manage program management for customers who has one location to another set of customers who have more than 8 locations worldwide

Upon receiving your request, we will provide you further details.

Information Security ‘measurement’ System

We have a successful framework for measurement of ISMS. The measurements checks ISMS objectives, as well as control wise objectives to provide you a scoring method applied. The measurements help the organisation provide a performance analysis and take actions proactively.

Upon receiving your request, we will provide you further details.

Internal Audit

An independent assessment helps to assess the state of compliance. Our internal audit methodology includes people, process, technology and measurements to assure and provide management the degree of HIPAA compliance. Typically it takes 3-5 days to perform a comprehensive internal audit.

Upon receiving your request, we will provide you further details.

What does the toolkit cover?
  • Policy – a document that shows organisation intent to comply to a requirement of the standard
  • Procedures – a document that defines how an organisation can accomplish a task in a step by step method.
  • Measurement – How an organisation can measure the performance of the documented procedure
  • Templates – Based the policy/procedure/measurement requirement, we provide a ready to use template that ranges from word, excel, power point presentations – that helps an organisation achieve their own HITRUST® goals.
Policies, procedures and templates combined together give you a comprehensive framework that you can use in the organisation to design, and distribute the HITRUST® requirements and related documentation.
List of documents
Policies and Procedures coverage includes the followings
  • Policy - HITRUST®–Compliance
  • Policy - HITRUST® Roles & Responsibilities
  • Standard - Information-Classification & Media Handling
  • Product - Solution Architecture
  • Policy - Secure Software Development Lifecycle
  • Policy - Acceptable use
  • Inventory - Assets
  • Inventory - Assets-Confidentiality Rating
  • Manual – HR
  • Procedure - Disciplinary Action
  • Policy – Infosec Education, Training and Awareness
  • Manual - IT Operations
  • Manual - Physical Security
  • Policy - Access Control
  • Policy - Backup and Recovery
  • Policy – Budgeting
  • Policy - Change Management
  • Policy - Media Management
  • Policy - Network Security
  • Policy – Privacy
  • Policy – SIEM
  • Policy - Third Party Assurance & Coverage
  • Policy - Vendor Risk Management
  • Procedure - Breach Notification
  • Procedure - Configuration Management
  • Procedure - HITRUST® Risk Assessment
  • Procedure - Security-Incident-Response
  • Business Continuity Plan
  • HITRUST®-Monthly Report
Call or write to us at :
for proposal / roadmap / information
Would You Like To Speak To Our HITRUST® Certification Consultant?
Contact Us Now !