Drummond Group

HITRUST
Assessment Services

We have developed a proven methodology for getting your organization HITRUST® Certified as quickly and inexpensively as possible.

SMB Specialist
We specialize in helping small-to-medium sized businesses achieve HITRUST® certification.

Policies/Procedures
We provide a full set of customized policies and procedures (if needed).

Fixed Fee Pricing

We offer fixed fee pricing and flexible payment options, we will accommodate any reasonable request.

Assistance

We guide you every step of the way. We collaborate with you daily to make sure we are staying on track and adhering to our milestones.

No Jerks
Drummond Group employs a “No Jerks” policy. Our people are pleasant to work with, and have a good sense of humor, just ask our references.

Methodology
We have developed a proven methodology over the last four years for getting your organization HITRUST® certified as quickly and inexpensively as possible.

Experience

Our combined entities have over five years experience as HITRUST® CSF®  Assessors.

Coverage

Cloud providers, data analytic companies, data centers, third party processors, health care organizations, SaaS providers, print companies, medical device companies, and wellness companies.

Questions? Contact info2@drummondgroup.com

HITRUST Webinar – 1st Thursday of Every Month at 2pm Eastern

To Register – https://attendee.gotowebinar.com/rt/256938665192672513

Request Information

We will send you additional information on our industry leading services and our informative whitepaper “Everything you wanted to know about HITRUST Certification.”

What You Need to Know About

HITRUST Certification

Get Answers to Frequently Asked Questions that pertain to HITRUST®

HITRUST Frequently Asked Questions

Who is HITRUST®?

The Health Information Trust Alliance (HITRUST®) is an independent non-profit company that acts as a certification body for healthcare organizations and those providing services to healthcare organizations. www.hitrustalliance.net

Who is requiring HITRUST® certification?

Healthcare organizations such as CVS Caremark, Health Care Services Corp., Highmark, Humana, United Healthcare Group, and WellPoint now require their service providers to be HITRUST® certified.

What is HITRUST® CSF®?

The HITRUST® Common Security Framework (CSF®), developed in collaboration with healthcare and security experts, is a certifiable, information security framework that provides organizations with an actionable roadmap tailored to the unique needs of the healthcare industry. To date, the HITRUST® CSF® is the most widely-adopted security framework in the U.S. healthcare industry and has become the de facto standard. For more information on the HITRUST® standard go to: www.hitrustalliance.net

Why is becoming HITRUST® certified important?

Becoming HITRUST® certified is a significant competitive advantage and is becoming necessary to perform services in the healthcare field. Many healthcare organizations are now requiring their Business Associates/Service Providers that either capture, store, or process Protected Health Information (PHI) to become HITRUST® CSF® Certified. This is a necessary step to ensure that their Business Associates/Service Providers have established adequate controls to protect PHI and comply with the HIPAA Privacy, Security, and HITECH regulations. The number of controls that will be scope will depend on the answers provided in your HITRUST® Scoping Spreadsheet. Please answer the HITRUST® Scoping Questionnaire that we will send once you fill out our Registration.

What do I need to provide in order to show compliance with each HITRUST® control?

At a minimum you must show you have a policy, procedure, and proof of implementation for each in-scope control.

How long does it take to get HITRUST® certified?

It takes approximately 6 months to get certified.

How long does it take HITRUST® to issue my certification once everything submitted?

It takes 4 to 6 weeks for HITRUST® to do their quality assurance review and issue the certification report.

How much does Drummond Group charge?

Our fee depends on the number of HITRUST® CSF® controls in scope. Please answer the HITRUST® Scoping Questionnaire that we will send once you fill out our Registration form.

How much does HITRUST® charge for my certification?

The HITRUST® fee is based on your annual revenue. We will provide a pricing sheet when we return our pricing.

What should questions should I ask my potential HITRUST® assessor?

We have created a set of ten screening questions to ensure that you get the best fit with your HITRUST® Assessor.

Do you have a proven methodology in place?

Yes, our system has been developed over the last four years to get your organization HITRUST® Certified as quickly and inexpensively as possible. Give us 30 minutes to prove it!

We need a lot of assistance; do you guide us through the process?

Yes, we guide you every step of the way. Our Drummond Compliance System (DCS) includes daily collaboration with your assigned HITRUST® Assessor.

Have you worked with firms in my line of business?

We’ve worked with companies of all types, including: cloud providers, data analytic companies, data centers, third party processors, health care organizations, SaaS providers, print companies, medical device companies, and wellness companies.

Do you have references that you will provide?

Absolutely! We have a lot of happy customers. We will be happy to provide references.

Do you use off-shore assessors?

We provide our services to clients all over the world, but the Drummond Group only uses U.S. based HITRUST® Practitioners.

Do you use resources that are not HITRUST® Certified Assessors to perform the work?

No, all our resources are HITRUST® Certified Assessors.

Do you use junior auditors?

We only use senior HITRUST® Assessors with 20+ years of experience. Our Assessors have the leading industry security and compliance certifications.

Is your team pleasant to work with?

A lot of organizations overlook this aspect. You are going to be working with your HITRUST® Assessor for quite a while. Our people are pleasant to work with, and have a good sense of humor, just ask our references.