HITRUST Assessment Services

Accelerating the use of electronic health records while staying on top of information security has been a challenge for the healthcare organizations. To help safeguard electronic protected health information (ePHI), the Health Information Trust Alliance (HITRUST) established the Common Security Framework (CSF). Combining existing controls with industry best practices, the CSF offers scalable security processes designed for the healthcare environment. A comprehensive and flexible framework, the CSF normalizes security requirements of healthcare organizations in order to help them assess risk levels in their IT environment. It takes a uniquely holistic approach toward information security risk management to ensure that your security program meets your regulatory obligations from a people, process, and technology standpoint.
Marlabs has been designated by HITRUST as a CSF Assessor. As one of the select few HITRUST CSF assessor organizations, with multiple certified assessors on staff, Marlabs provides a comprehensive compliance program that can ready your organization for CSF adoption and certification so that you can create, use, store, and share protected health information with increased confidence.
The Marlabs’ information security practice helps healthcareorganizations overcome their information security challenges by lowering risk and raising the level of information security compliance and governance. Our information security professionals will work with you to identify and implement administrative, procedural, and technical processes that will enable you to realize your desired information security and compliance posture.
Certified CSF practitioners conduct the HITRUST assessment in order to identify potential vulnerabilities in your ePHI systems. From interviewing key personnel to reviewing existing documentation to carrying out technical testing, our practitioners dive deep into your compliance program. Each CSF assessment is customized to meet your unique needs and environment. Appropriately implementing, managing, and measuring CSF control objectives on a continuous basis, our nine step HITRUST CSF risk assessment process identifies control gaps and assists in meeting requirements.
Multiple tiers underpin the overall assessment: from self-assessment questionnaires to onsite analysis/testing performed by our certified assessors. Documenting the results of assessment is done via a standard report with a compliance scorecard and remediation activities tracked in a Corrective Action Plan (CAP).
Marlabs' other managed security services include:
  • Cyber threat intelligence management
  • Network vulnerability assessment and validation
  • Cyber security incident management
  • Security awareness and education
  • Cyber security check-up services
Assessment activities include:
  • Examining any supporting documentation associated with the questions and CSF requirements in order to ensure that documents meet control requirements and that any gaps are noted.
  • Interviewing relevant personnel in order to verify that the policies and procedures stated in the documents are implemented at the requisite CSF implementation level.
  • Using the results of the interviews, test samples, policies/procedures, and previous audits/examinations in order to design and execute tests and verify responses previously entered.
Streamlining the assessment approach and identifying applicable CSF controls and implementation requirements is facilitated via MyCSFTM, a HITRUST Governance, Risk, and Compliance (GRC) toolkit.
MyCSF is:
  • Based on a secure, Web-based solution for accessing the HITRUST CSF.
  • Provides a foundation for assessment, remediation, and reporting and tracking activities.
Leveraging MyCSF, we perform a ‘Detailed Control Assessment’, a comprehensive measurement of compliance that will enable you to see where you are in terms of prescriptive implementation requirements outlined in each CSF control.
Through benchmarking, MyCSF makes it possible for you to understand how your scores compare to those of similar organizations (by segment, size, and industry) by accessing several sets of benchmarking data gathered by HITRUST through the standardized approach of the CSF Assurance Program.
At the conclusion of the Healthcare HITRUST Assessment, Marlabs will also provide an in-depth report with extensive and detailed insight from the data for technology teams as well as for your business management.
The Marlabs Advantage
  • Independent compliance solutions created specifically for the healthcare industry and your unique needs.
  • Senior assessors each with over 15 years of experience in healthcare compliance and information security. 
  • A unique combination of compliance knowhow and tech expertise for a full and accurate assessment.
  • Ability to ‘look under the hood’ in order to provide a complete, detailed analysis of your risk profile.
  • Optional technology remediation support that will help you eliminate gaps and meet compliance goals.

  HITRUST Common Security Framework (CSF) Assessment Brochure.