Skip to content

HITRUST Assurance Program Selected by Health3PT in Alignment with Recommended Practices

Health3PT has approved HITRUST as the first assurance supplier supporting these recommended practices for the healthcare industry. The HITRUST e1, i1, and r2 assessments all support healthcare industry organizations seeking to collect evidence of appropriate, reliable, and consistent assurance of their vendor’s security capabilities. And the HITRUST Assurance Program provides the supporting infrastructure needed for the healthcare industry to collect assurances, report-on risk, and track and manage risk.

The selection of HITRUST is based upon HITRUST’s alignment with the Health3PT healthcare industry recommended practices and implementation guide for vendor cyber risk. The recommended practices are a result of collaboration among a council representing the nation’s leading healthcare organizations and provide an instructional framework of actionable steps organizations can take to ensure due diligence and due care throughout the healthcare ecosystem—while improving effectiveness, reducing inefficiencies, and leading the way for standardization in Third-Party Risk Management (TPRM).

HITRUST offers three types of certifications, which vary based on levels of assurance. An organization’s risk profile will dictate which certification Health3PT members recommend. Because each certification builds on a common framework, many organizations will be able to start with a less comprehensive assessment and move up to a more comprehensive one as they mature and without losing their work or starting over.

Click here to learn more about HITRUST and the HITRUST Assessment Portfolio.