HITRUST Updates

HITRUST has made several recent announcements that will have an impact on your assessment plans.

HITRUST Quality Assurance Reservation System  

On April 15th HITRUST issued an Assurance Advisory (2021-001) which outlined the process for allowing assessed entities to schedule the start of the HITRUST quality assurance for HITRUST CSF Validated Assessments. The HITRUST quality assurance is the process HITRUST uses to assess and evaluate the results of the assessment prepared by the assessed entity and the external assessor.

Starting July 1, 2021 assessed entities will need to schedule a reservation for submission of their validated assessment to HITRUST. Reservations will not be required for submissions of self-assessments or interim assessments. HITRUST has indicated that this will have the following benefits:

  • Eliminates the uncertainty around when HITRUST’s QA procedures will begin
  • Allows Assessed Entities and their HITRUST Authorized External Assessor organizations to schedule resources to respond to HITRUST’s QA feedback
  • Provides the opportunity for QA to occur closer to the submission date

Assessment reservations can be made up to a year in advance. Assessed entities should work with their external assessor to determine what their reservation date should be, as failure to submit the assessment by the reservation date will result in cancellation of the reservation.  

The reservation slots will occur within QA Blocks. Each QA Block is a one-week period where HITRUST will begin the QA procedures for assessments received in that block. HITRUST has indicated that by using this process, organizations should typically expect to hear from HITRUST within 7 to 10 days after the end of their QA Block.

A walkthrough of the process and FAQ can be found here.  

HITRUST MYCSF V10 Update

HITRUST CSF V10 is expected to be a significant change from the current versions of the CSF framework, which may potentially have a significant impact on an organization’s assessment. HITRUST has previously announced they would be releasing V10 early in the 2nd quarter of 2021. HITRUST has now confirmed that this release will take place in mid-May 2021. However, when the updated version is released, it will be in a preview mode for a period of six months and will not be used for assessments until at least November of 2021. HITRUST has also stated that users will be able to use the 9.4 CSF framework for at least 24 months after the release of V10. 

If you are interested in how we can help your organization achieve and maintain HITRUST certification, please reach out to us at 855-670-8780 or connect@compliancepoint.com.

Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.