Here’s my definitive ranking of top HITRUST providers, what they offer, who they’re best for, and projected costs.

As a cybersecurity professional who deals with a lot of different companies and industries, it’s become apparent to me that not every HITRUST provider fits every business’s needs.
SecurityMetrics provides a complete HITRUST solution, including readiness, remediation, implementation, and validation, with a focus on personalized pricing and expert advice.
SecurityMetrics partners with Privaxi to do the heavy lifting of HITRUST readiness for customers, streamlining the overall documentation process. This lets customers be as hands-on or hands-free as they are comfortable being.
With a focus on business associates and those in the healthcare industry, SecurityMetrics has HITRUST experience with the following business types:
“I was expecting the HITRUST process to be more arduous because when we started the HITRUST process with our past assessor, it was harder. So, I was expecting more work. But partnering with Privaxi, and then working with SecurityMetrics made it a smooth process. Our SecurityMetrics HITRUST assessor had conversations with us and seemed to be experienced, and had more of an understanding of what we needed. The relationship worked very well.”
–Vice President of Operations Jason Lombardi,
Vita Companies
See Also: Read more about Vita Companies' experience using SecurityMetrics for their HITRUST assessment here.
Your HITRUST assessment cost will greatly depend on which assessment type you choose. Here are the projected ranges for each assessment, including our white glove service, which significantly increases your chance of passing your assessment the first time around:
I highly recommend using the SecurityMetrics HITRUST calculator and inputting your organization’s information to get a more accurate assessment type and cost.
Coalfire has over thirteen years of experience in the industry as a HITRUST external assessor. Their clients tend to be cloud service providers. Coalfire offers gap analysis, documentation development, remediation support, and coordinated assessments.
Coalfire’s ideal client is someone who has struggled to manage compliance across multiple regulations and standards. Coalfire has set up their process to map controls across lots of frameworks to reduce audit fatigue and help customers meet multiple standards more easily. A Coalfire HITRUST assessment is less ideal for customers who lack budget or don’t need to meet multiple frameworks.
At the time of writing, Coalfire doesn’t offer a price range or tool for estimating the cost of a HITRUST assessment.
A-LIGN offers comprehensive services including readiness assessments, validated e1, i1, and r2 assessments, interim testing, and HITRUST risk & advisory services. A-LIGN also provides HITRUST AI security and risk management assessments.
One of the most distinctive features of an A-LIGN HITRUST assessment is their proprietary compliance management platform.
You will need to contact A-LIGN directly for a custom quote. They will conduct an initial scoping call to understand your organization's specific needs, environment, and the type of HITRUST assessment you require.
Schellman is a prominent CPA firm specializing in IT Compliance and Cybersecurity. They are a major player in HITRUST assessments with an emphasis on the fixed-fee model and strong project planning.
Schellman HITRUST assessments work on a fixed-fee pricing model.
Schellman's staff emphasize that the type of HITRUST assessment influences the cost, but they mention that first-year certification can typically range from the mid-$60,000s up to $175,000.
Vanta is NOT a HITRUST assessor, but rather a compliance automation platform that has expanded its offerings to include support for HITRUST. Unlike traditional HITRUST assessors (like SecurityMetrics) that primarily provide human-led audit services, Vanta's core offering is a software platform designed to automate and streamline the compliance process.
Vanta is ideal for companies that want to automate their evidence collection process during their HITRUST assessment. By integrating with hundreds of common business tools, cloud providers, HR systems, and more, Vanta automatically collects evidence of control implementation, reducing the manual burden on internal teams during the audit process.
They don’t provide specific information on their solution’s price.
Choosing a HITRUST provider to partner with can be challenging, especially with so many different players in the industry.
Deciding what is most important for your HITRUST assessment, whether that is support, cost, assessors with knowledge of your industry, turnaround time, or something else, can help you identify who will be your best partner.
If you want more information about what to expect during a HITRUST assessment, check out the SecurityMetrics HITRUST Checklist here.