Master the complexities of cloud compliance with expert resources and relevant insights.

What is the Cost of HITRUST CSF Certification in 2020?

Healthcare is complex and can seem overwhelming, but it doesn’t have to be. Whether you’re a healthcare professional or not, it is commonly felt that more time is spent trying to understand the healthcare conundrum rather than solving it. That’s where Datica comes in. We have set out to investigate the underlying logic behind the astounding regulatory maze of healthcare. Why spend your time mastering the problem when you could be discovering the innovative solutions? HITRUST CSF Certification costs what?

Many people fail to realize that the Health Information Trust Alliance, known simply as HITRUST, is not a framework at all, but an organization comprised of healthcare industry leaders who regard information security as a fundamental component to data systems and exchanges. The HITRUST organization, in partnership with other technology and information security leaders, created and maintains the Common Security Framework (CSF). Organizations can gauge their compliance to the HITRUST CSF by performing many types of assessments.

Cost is one of a few gating factors for organizations considering a HITRUST Assessment. This cost breaks down into two broad categories – direct and indirect costs. The costs for a HITRUST Certification have gone up as the HITRUST CSF has evolved and become more complex.

  • The direct costs for this include both fees to HITRUST and to your auditor or approved assessor. The direct cost, at the low end, is about $60,000-$120,000 but costs can be much higher for larger organizations.

  • Indirect costs are harder to quantify. In regard to the Datica HITRUST assessment, we estimate the total time spent for all employees and have come to an estimate of 400 hours. Also, necessary to consider is the time spent between each audit to address issues and solidify compliance and infosec programs. Though not captured for our HITRUST assessment, this contributes to the overall cost of compliance.

  • Conservatively estimating the cost of an hour of work to be $100/hour, a rough calculation can be tallied. With the cost of salaries, benefits and lost opportunities from work not performed simultaneously (writing code, customer support, sales, marketing, etc) a partial loss must be considered. Based on those numbers, the total cost of the HITRUST Assessment is appraised $100,000 - $160,000.

Why does HITRUST matter?

As healthcare becomes further dependent on evolving technologies to store and transmit data, cybersecurity and compliance have become progressively emphasized, yet convoluted, challenges. Navigating the tortuous labyrinth of federal, state, and third-party security mandates is a feat that can quickly consume an organization’s resources. If that isn’t enough, getting through all twists, turns, and pitfalls to achieve compliance is only half the battle. Healthcare organizations and IT vendors must also prove their compliance to guarantee they are a trusted business partner. With all considerations, isn’t it obvious the industry needs a system that is clear, standard, and secure? Thankfully, that’s exactly what HITRUST has established in order to put the trust in data security.

Additionally, with the recent push on privacy and high-profile regulations like GDPR, there is an increased desire to drive security and compliance as a higher priority into the product lifecycle. HITRUST can help do this within your organization. HITRUST isn’t easy, and it shouldn’t be. The experience we’ve gained as a company and the extensive testing of our technology brings great value to our customers.

Want to learn more about HITRUST audits or HITRUST assessments? Contact our experts today.