More information



Data security is becoming an increasingly important concern for healthcare organizations.
The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

Approved CSF Assessor

ControlCase is an approved HITRUST CSF Assessor which can be verified at this link
ControlCase provides a cost effective solution to help organizations assess themselves against the HITRUST CSF.

The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting for HIPAA, HITECH, state, and business associate requirements.

ControlCase Healthcare Solutions

With stricter compliance standards, many healthcare organizations are feeling vulnerable and uncertain about how these new regulations apply to them. ControlCase offers a variety of healthcare-related IT auditing, security, and compliance solutions designed to help you understand:

  • How HIPAA, HITECH, and the final Omnibus Rule impact your organization.
  • What you need to do to protect your organization.
  • Which areas of your business pose IT risk.
  • The IT security measures you need to take to become HIPAA compliant and mitigate risk.
  • How to demonstrate, document and maintain compliance for your own organization and for your business associates.

ControlCase IT Security Solutions Results

No matter which ControlCase IT security solutions you choose, our healthcare IT security specialists will apply proven processes and common controls frameworks to identify potential vulnerabilities. At the completion of any IT assessment, you will receive a detailed report combined with a comprehensive consultation to ensure your key staff members understand:

  • Your current compliance posture.
  • Recommended steps for improving compliance.
  • Additional considerations that may require attention in the future.

Our expertise in HITRUST compliance extends beyond healthcare providers to include service providers (business associates) that fall under newly implemented regulations as part of current healthcare reform.


The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.

By continuing to improve and update the CSF, the HITRUST CSF has become the most widely-adopted security framework in the U.S. healthcare industry. This commitment and expertise demonstrated by HITRUST ensures that healthcare organizations leveraging the framework are prepared when new regulations and security risks are introduced.

For more on understanding and leveraging the CSF, click here