HITRUST stands for the Health Information Trust Alliance, a non-profit organization that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach their compliance goals. HITRUST is a certifiable and recommended framework trusted by many health networks and hospitals to manage risk. The HITRUST Common Security Framework (CSF) is a certifiable security and privacy framework with a list of prescriptive controls and requirements that can be used to demonstrate HIPAA compliance. HITRUST certification by the HITRUST Alliance enables vendors and covered entities to demonstrate compliance with HIPAA requirements based on a standardized framework.
HITRUST certification requires an independent assessment, and the length of the assessment depends on the size and complexity of an organization, its scope, and the amount of counseling. HITRUST offers three degrees of assurance, or levels of assessment: self-assessment, CSF validated, and CSF-certified. Each level builds with increasing rigor on the one below it. An organization with the highest level, CSF-certified, meets all the certification requirements of the CSF.
The benefits of HITRUST include satisfying regulatory requirements mandated by third-party organizations and laws, streamlining compliance efforts, and providing measurable criteria and objectives for applying "appropriate administrative, technical, and physical safeguards". HITRUST certification is not mandated by the federal government, but it is considered the most comprehensive framework because it maps to many other standards, including HIPAA, SOC 2, NIST, ISO 27001, and more.
The cost of HITRUST certification varies greatly, from approximately $40,000 to $200,000, depending on the size, risk profile, and scope of the assessment. The cost is determined by the number of controls tested and the scope of the assessment.