HITRUST Validated Assessments for Health Care

You don’t have to juggle multiple regulatory guidelines for security.

CliftonLarsonAllen (CLA) can assist you with an organizational security self-assessment or validate your evaluation of the security control environment within your health care organization.

What’s on your mind?

  • Evaluating and validating the security of your organization
  • Providing validation services so your organization can become certified
  • Complying with regulations and standards related to
    • Health care (HIPAA)
    • Third party (Payment Card Industry [PCI], Control Objectives for Information and Related Technologies [COBIT])
    • Government (National Institute of Standards and Technology [NIST], Federal Trade Commission [FTC])
  • Shaping a comprehensive health care cybersecurity (IS) plan for the organization


HITRUST has developed the HITRUST CSF that integrates the elements of IS controls from a variety of authoritative sources. Prescriptive controls provide the requirements for policy, procedure, implementation, monitoring, and management. Evaluating the effectiveness of these controls provides an opportunity for your organization to gauge the overall maturity of your security program.

Experience our client-focused approach

As part of the assessor program, CLA practitioners are certified to validate your organization’s program maturity in alignment with these prescriptive controls. By helping you with a self-assessment or validating your stated controls, we will provide the right amount of support. We can partner with you as you navigate through this seemingly treacherous minefield of security and compliance.

HITRUST services for health care providers

  • Internal audit
  • Provide support during the self-assessment
  • Simplify compliance by utilizing one consistent approach of reporting compliance to internal and external stakeholders

Experience the CLA Promise