• Sales: +1.515.444.1221


HITRUST Common Security Framework (CSF) is an industry standard for healthcare organizations to protect PHI and comply with HIPAA Privacy and Security Rules. ecfirst is a HITRUST authorized CSF Assessor and helps you through the journey of certification, including Self-Assessment, Validation, & Certification.



The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost- containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

The HITRUST Self-assessment process enables your organization to establish a baseline of the current state of your policies, processes and controls – all of which are formally documented. We at ecfirst can assist your organization to go through this process and address HITRUST requirements for self-assessment. The self-assessment provides the foundation to identify key enhancements required to be initiated to improve the organization’s security and compliance profile.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. ecfirst supports your efforts to submit and manage the validation process. Validated assessment is conducted by ecfirst, a HITRUST Certified CSF Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification is indicated as CSF Certified on the certification report.

Learn about the HITRUST CSF from the Team of Compliance and Cyber Security experts at ecfirst. Schedule a complimentary executive brief (Webinar) to walk thru key elements of the HITRUST CSF. Understand the process for conducting a HITRUST self-assessment, learn about HITRUST validation, and finally walk-thru the certification process. Knowledge transfer is at the core for all ecfirst client engagements. The journey of addressing HITRUST requirements may be challenging, and the requirements are comprehensive. We look forward to establishing ecfirst as your trusted partner within your enterprise.

HITRUST Certification: Addressing HIPAA, NIST CsF & GDPR

A must attend, complimentary, 29-minute Webinar.
Fast-paced, Fact-based, Immediate applicability!

You will learn:

  • Understand key GDPR requirements and how HITRUST certification address GDPR mandates.
  • Examine HIPAA compliance with HITRUST certification.
  • Step through the application of HITRUST to achieve NIST CsF certification.

Delivered by global cybersecurity and compliance expert, ecfirst Chief Executive Ali Pabrai (FBI InfraGard member). A highly sought after information security and regulatory compliance expert. Ali has successfully delivered solutions on compliance and information security to organizations worldwide.

May 24, 2018, 11:00am -11:29am CST Register

After registering, you will receive a confirmation email containing information about joining the webinar.

For more details, please contact John.Schelewitz@ecfirst.com

Applying HITRUST CSF for HIPAA Compliance

A prescriptive security standard. Comprehensive requirements. Addresses a multitude of regulations, including state mandates. In this brief,
  • Review components of the HITRUST CSF standard
  • Step thru the MyCSF application
  • Examine how to organize a HITRUST engagement

HITRUST: Policies, Procedures & Implementation

Analyse how to determine Information Security Management Policies, Procedures & Implementation of HITRUST. Determine the maturity levels of each requirements. In this brief,
  • Analyse the scope of HITRUST Maturity Levels
  • How to manage security for information by identifying policies & procedures.

HITRUST: Stepping thru the MyCSF Application

Addresses mandates of HITRUST CSF & provides web-based solution for accessing the CSF. In this brief,
  • Getting Started with HITRUST CSF
  • About MyCSF and its Scope
  • Step thru the Factors & Domains

HITRUST Examining CSF v9 and v9.1

Understand HITRUST CSF v9 framework & significant changes of CSF Controls. In this brief,
  • Examine HITRUST CSF v9 & expanded framework which enables NIST Cybersecurity
  • Walk thru about added & removed CSF Controls
  • Review the introduction of HITRUST CSF v9.1

HITRUST: Nine Key Steps to Certification

Establishing the organizational requirements to determine the scope and structure of the assessment & project management tools. In this brief,
  • Review the methodology of CSF Assessment
  • Determine the Process Flow of 9 Steps Assessment
To attend the above webinars, please contact John.Schelewitz@ecfirst.com


This free webinar will outline for you:

  • The fundamentals of the HITRUST Risk Management Framework (RMF).
  • Explain where to start your HITRUST efforts with either a self or validated assessment.
  • Determine which of the five assessment types is best suited for your organizational goals.
  • Give you details on what to expect and how to get started.
For more details, please contact John.Schelewitz@ecfirst.com

HITRUST Cybersecurity Strategy Workshop

“The strength of the program was the discussion on the management framework, and process flow. Overall rating workshop: 10. Overall rating of instructor: 10. Excellent presentation! I have a much better understanding of HITRUST and its requirements. Chalice and Deb were very knowledgeable and communicated the subject matter well.” “Overall rating workshop: 10. Overall rating of instructor: 10. Very good presentation.” “Strength of the program was the interaction.” “The overview of the CSF framework and MyCSF was the strength of the course. Overall rating workshop: 10. Overall rating of instructor: 10.” “Strength of the program was the foundation provided for future direction for compliance and cyber security.” I like how the instructor reviewed content at a higher level rather than all the details at this point. The workshop was entertaining as well as conversational; and focused on our specific organization. Overall rating workshop: 10. Overall rating of instructor: 10.” Interactivity was a strength of the program.” “Knowledge of the instructor was a strength of the program. I look forward to working with the ecfirst Team in the future. Overall rating workshop: 10. Overall rating of instructor: 10.” “The overall complexity of HITRUST was covered well in the program.” “Great HITRUST training. The instructor knowledge of HITRUST and how to implement it in our organization. Overall rating workshop: 10. Overall rating of instructor: 10.” “The HITRUST course was brief and informative. Overall rating workshop: 10. Overall rating of instructor: 10.” “The high-level insight was a strength of the HITRUST workshop. Overall rating workshop: 10. Overall rating of instructor: 10.” “Having multiple instructors helped a lot. The open question format was terrific. Overall rating workshop: 9. Overall rating of instructor: 10.” “Knowledge based, fast paced, easy to follow. Very informative course!!!” “The practical aspect of the workshop was important.” “The overview of HITRUST was well done.” “Great overview of HITRUST and good introduction to MyCSF. Overall rating workshop: 10. Overall rating of instructor: 10.” “Fun, good presenters, good presentation material.” “Great information! Easy to understand. The pace and content were good! I hope other health systems pursue HITRUST certification. Overall rating workshop: 10. Overall rating of instructor: 10. The three-instructor tag team worked!” “Overall rating workshop: 10. Overall rating of instructor: 10. Very descriptive program that covered well what HITRUST entails.” Private, Onsite Workshop at a large Health System, June 2017 --------------------------------------------------