HITRUST® r2
HITRUST r2 - 2-year Validated Assessment provides the highest level of information protection and compliance assurance.
r2 is best suited for organizations that need to demonstrate regulatory compliance with authoritative sources like HIPAA, the NIST Cybersecurity Framework, and dozens of others or require expanded control tailoring based on other identified risk factors. It is the most comprehensive and robust HITRUST certification.
Benefits of the r2 Assessment
Ensures Robust Cybersecurity Practices
Maps to each authoritative source to deliver more precise and comprehensive cybersecurity
Tailors Approach Based On Risk
Provides tailoring to precisely select the prescriptive controls that cover the risk and compliance factors an organization needs
Adds Efficiency
Saves time and effort by leveraging work from previous HITRUST assessments
Proves Highest Level Of Assurance
Puts organizations into an elite group by demonstrating that they meet the most demanding information risk requirements
Offers Exclusive Access to Enhanced Cyber Insurance
Provides access to an exclusive, third-party partnership for comprehensive coverage, streamlined underwriting, enhanced policy features, and predictable renewals from year to year.
Use Cases for the r2 Assessment
An r2 assessment can provide the highest level of information protection and compliance assurance
- When assurances are needed over specific authoritative sources or international requirements such as GDPR, PCI DSS, HIPAA, and more.
- For organizations processing large amounts of sensitive data and personal information, including PHI.
- For organizations that need to share reports with multiple entities.
- When an organization's customer has adopted HITRUST as the required assurance mechanism for doing business.
- To gain a competitive advantage by strengthening business relationships.
- To show justification for more favorable cyber insurance premiums.
An r2 assessment can generate a supplemental report
- When a NIST Scorecard Report is needed to demonstrate compliance with NIST Cybersecurity Framework controls.
- When a HITRUST Insights Report for HIPAA is desired as an add-on report from MyCSF®.
- During an r2 certification, the MyCSF Compliance and Reporting Pack for HIPAA automatically compiles HIPAA compliance evidence.
An r2 assessment can be used for third-party risk management
- To request from service providers that handle PII, ePHI, and other sensitive data requiring the highest assurance levels.
- For third-party vendors that present high levels of risk due to data volumes, regulatory compliance, or other risk factors.
- When your organization needs added confidence that a business partner provides rigorous cybersecurity protection and compliance.
Regulatory Assistance Center
HITRUST created the Regulatory Assistance Center to provide free guidance to organizations that have a HITRUST r2 certification and are preparing for or undergoing a regulatory audit.