The HITRUST Common Security Framework (CSF) provides the most comprehensive
information risk management and compliance program for healthcare organizations.

HITRUST includes, harmonizes, and cross-references existing, globally recognized standards, regulations, and business requirements, including ISO, NIST, PCI, HIPAA and State laws such as the new California Consumer Privacy Act.

HITRUST provides a prescriptive and scalable framework offering multiple levels of implementation determined by your organization’s specific needs.


Meditology Services is a certified HITRUST assessor and an experienced assessor for SOC 2 attestations. Our healthcare security experts frequently advise healthcare executives on best practices for pursuing HITRUST certifications as well as SOC 2 attestation projects.


  • We have conducted hundreds of HITRUST certification and assessment engagements and have over a decade of HITRUST experience.
  • Meditology’s Managing Partner, Cliff Baker, served as the lead architect for HITRUST CSF. Our expertise with HITRUST is second to none.
  • We tailor each assessment to your organization’s unique compliance needs and work with you to ensure best-practice standards and requirements are implemented and followed.
  • Meditology focuses exclusively on serving the healthcare industry and is led by a team of experienced healthcare CISOs and CPOs.