HITRUST Compliance and Certification – Austin, Dallas, Houston, TX – Fixed Fees
NDB is one of Texas’ leading providers of HITRUST compliance and certification services, offering fixed-fees for healthcare companies in and around the Dallas and the North Texas region. HITRUST is fast becoming the gold standard for healthcare compliance in terms of protecting confidential healthcare data – and with the Dallas and North Texas region booming with business, thousands of healthcare companies are going to be seeking assistance with HITRUST.
Contact us today at 512-522-4943 (Austin), 214-272-0967 (Dallas), or at 713-331-5492 (Houston), or email us at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDB’s HITRUST services, and to receive a fixed-fee quote.
Six Phases of HITRUST Compliance & Certification
- Phase I – Select an Authorized HITRUST External Assessor
- Phase II – Perform a HITRUST CSF Readiness Assessment
- Phase III –Undertake Documentation Remediation (That’s Policies and Procedures!)
- Phase IV – Undertake Operational Remediation
- Phase V – Completion of CSF Validated Assessment
- Phase VI – Monitoring of Controls for Continued HITRUST CSF Compliance
Phase I – Find an Authorized HITRUST External Assessor
There are a number – and growing list – of HITRUST External Assessors in the greater Dallas Fort-Worth metroplex, so finding an actual assessor should not be too problematic. When seeking an authorized HITRUST external assessor, here are some helpful tips for getting the most out of the relationship:
- Ask for a multi-year engagement (as audit continuity for your business is crucial)
- Ask for a fixed-fee proposal (good HITRUST external assessors with years of experience can offer such a service)
- Inquire about additional services beyond the HITRUST CSF compliance and certification process. To be very clear, ask about services such as policies and procedures writing (HITRUST compliance requires quite a bit of documentation), and ask about consulting services for helping find and source software tools and solutions (because with HITRUST, you’ll need to possibly invest in security tools).
- Ask about what professional support services are provided throughout the year for helping maintain HITRUST CSF certification. Remember, becoming HITRUST CSF certified – while a huge achievement indeed – is only one piece of the puzzle – maintaining compliance can be just as challenging.
Phase II – Perform a HITRUST CSF Readiness Assessment (This is a Must!)
Why a HITRUST CSF readiness assessment for healthcare organizations in the Dallas and North Texas region? Simple. Organizations will want to gain a strong understanding of audit scope, personnel to be involved, locations to assess, and what, if any, third-party providers are in the “mix” for such an audit. Scope is the driving factor for HITRUST compliance and certification in terms of how expensive, how long, and how complex the process can be, so remember this.
Phase III – Documentation Remediation (That’s Policies and Procedures!)
HITRUST is very much one of those compliance mandates that require a large number of policies and procedures to be in place, so keep this in mind. It’s therefore important to assign the task of writing policies and procedures to either a (a). designated internal employee or an (b). expert outside source. NDB can write your HITRUST polices and procedures for you, saving you dozens of hours and thousands of dollars.
From access control to business continuity, organizations seeking HITRUST CSF Certification will need to spend a considerable amount of time developing critical policy documents. In fact, documentation remediation is often the most demanding and time-consuming aspect of becoming HITRUST CSF certified.
As to the types of documentation needed for HITRUST compliance, consider the following:
- Access control policies and procedures
- Change management policies and procedures
- Data backup policies and procedures
- Incident response plan
- Contingency planning and disaster recovery
- Remote access policies and procedures
- And more.
Again, these are just a small fraction of the dozens of polices, procedures, and processes that need to be in place for HITRUST compliance & certification. It’s also another key reason why a HITRUST CSF readiness assessment is so essential. Organizations need to be made aware of this prior to an actual HITRUST validated assessment.
Phase IV– Operational Remediation
Phase III, Documentation Remediation, is incredibly important, no question about it, but there’s also “operational” remediation. What’s operational remediation? It’s essentially any number of items that require personnel to make changes to IT systems (i.e., strengthening password complexity rules, hardening servers with additional configurations, etc.), undertaking measures such as security awareness training, performing risk assessments, and more. Look at operational remediation as some of the more “heavy lifting” activities that need to be done.
Together, documentation remediation and operational remediation form the very basis of correcting control deficiencies for HITRUST compliance & certification. NDB offers comprehensive services for helping healthcare companies in North Texas achieve HITRUST compliance. Contact us today at 512-522-4943 (Austin), 214-272-0967 (Dallas), or at 713-331-5492 (Houston), or email us at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDB’s HITRUST services, and to receive a fixed-fee quote.
Phase V – Achievement of HITRUST CSF Certification
A critical component of achieving HITRUST CSF Certification is working with your HITRUST external assessor and utilizing the MyCSF portal. This is where documentation lives and where the interaction and dialogue is undertaken between your company and the HITRUST external assessor you’ve chosen. Make sure to get a strong understanding of the MyCSF, its purpose, how it works, and much more.
Phase VI – Monitoring of Controls for Continued HITRUST Compliance
Achieved HITRUST CSF certification? Congratulations, but there’ more to do – much more. It’s critically important to establish a continuous monitoring program for effectively assessing HITRUST controls throughout the year – this is beneficial because you can have constant visibility into the security and privacy posture of your organization. If not, two big problems can surface. First, the controls are not functioning as designed, which can lead to serious security issues, potentially resulting in compromises of highly confidential consumer data. Second, annual HITRUST compliance with your HITRUST external assessor will be a challenge – and that’s putting it lightly. NDB can help build an efficient and workable continuous monitoring solution for HITRUST.
NDB | Texas' Leading Provider of HITRUST Compliance & Certification
NDB has years of healthcare experience and we can assist your organization when it comes to HITRUST compliance & certification. The entire Dallas and North Texas region is simply exploding with growth, and much of it having to do with healthcare. HITRUST compliance & certification can be challenging for organizations new to the process. NDB can help.
Contact us today at 512-522-4943 (Austin), 214-272-0967 (Dallas), or at 713-331-5492 (Houston), or email us at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDB’s HITRUST services, and to receive a fixed-fee quote. NDB offers a full suite of services for Dallas and North Texas healthcare organizations seeking HITRUST compliance & certification.