HITRUST Introduces Combined Assessment Option for e1 and i1 Assessments

In a recent announcement, HITRUST unveiled a significant enhancement to its e1 and i1 Assessments, offering a new combined assessment option. This update allows organizations to align their HITRUST CSF requirements with additional authoritative sources, such as HIPAA, directly within their e1 (44 requirements) or i1 (182 requirements) assessments. This innovative feature aims to streamline compliance efforts and provide valuable insights that can be shared with stakeholders, both internally and externally.

According to Steve Ryan, HITRUST manager at BARR Advisory: 

“This new feature from HITRUST provides an incredible opportunity for organizations utilizing e1 and i1 assessments to show their stakeholders valuable insights into additional frameworks and provide these stakeholders with a well-rounded view into the organization’s control environment. HITRUST and BARR continue to enhance a test once, report many approach to reduce audit fatigue and provide more valuable information to key stakeholders.”

What’s New? 

With the combined assessment option, organizations opting to integrate their e1 or i1 assessments with HITRUST CSF requirements mapping to other frameworks will receive comprehensive Insights Reports. These reports are designed to present a clear, concise view of how the organization’s controls map to the selected authoritative sources. This addition allows organizations to showcase their control maturity in a way that is easily digestible and actionable, aiding in communication with stakeholders such as customers, regulators, and internal teams.

Key Benefits of the Combined Assessment Option:

• Enhanced Stakeholder Communication: Insights Reports make it easier for organizations to convey their compliance with specific standards, such as HIPAA, to various stakeholders, improving transparency and trust.
• Accelerated Customer Adoption: By clearly demonstrating conformity with recognized standards, organizations can expedite the adoption of their services and solutions by prospective customers, speeding up time-to-value.
• Cost-Effective Compliance Enhancement: At a modest additional cost, the combined assessment option adds significant value to e1 and i1 assessments, enriching the MyCSF subscription with enhanced capabilities that support HITRUST’s Assess Once, Report Many™ approach.
• Leveraging Shared Responsibility: Insights Reports also help identify controls met by cloud service providers (CSPs) and other partners, facilitating more efficient use of shared responsibility and inheritance efficiencies.

As a HITRUST Authorized External Assessor, BARR Advisory is committed to helping organizations navigate these new options to maximize the benefits of HITRUST’s combined assessment approach. By leveraging these enhancements, organizations can better manage compliance workloads, reduce audit fatigue, and deliver more robust insights to stakeholders.

For more information about the combined assessment option and how it can benefit your organization, contact us today.