The Health Information Trust Alliance (HITRUST) is an organization governed by representatives from the healthcare industry. HITRUST created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner. The CSF builds on HIPAA and the HITECH Act, which are US healthcare laws that have established requirements for the use, disclosure, and safeguarding of individually identifiable health information, and that enforce noncompliance.

The readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Sigma Technology’s deliverables from the readiness assessment include:

• Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
• Control gaps and areas of improvement
• Prioritized observations and recommendations for remediation
• The advantage of performing a readiness assessment prior to a HITRUST assessment is to give management an opportunity to address control gaps prior to an inaugural examination as well as help with required risk assessment activities