Contact us
Contact us
Previous search terms

    HITRUST

    Risks to your organisation data are dynamic. In the face of ever evolving threats, discover how we turn challenges to triumphs
    Businessman Presenting Charts on Whiteboard with Copy Space

    In today's ever-changing security landscape, there is an increasing scrutiny from regulators, bigger penalties, and ever-increasing security and privacy concerns. The challenges faced by the organisations may vary from increasing precision of computer abuse and computer cybercrime, inconsistent business partner requirements and compliance expectations, gaining the assurances needed to allow organisations to safely engage with their customers and trading partners, and inefficient internal compliance management processes. Our HITRUST assurance programme will provide insights to build a proactive approach for covered entities and their business associates for data protection and security risk mitigation.

    Your journey to security starts with our HITRUST expertise

    As a HITRUST external assessor, KPMG in India is offering HITRUST assurance programme which provides organisations with a coordinated approach. This approach ensures all programmes related to security and privacy are aligned, maintained, and thorough to support an organisation’s risk management and compliance objectives. It acts as a central gatekeeper which takes into consideration internationally recognised security standards like NIST, HIPAA, FTC, PCI DSS, COBIT, Red Flags, ISO, and GDPR

    Roadmap for HITRUST Journey

    Setting expectations, Defining the scope, & Educating stakeholders 

    Readiness Assessment 
     

    Redemption support
     

    Self Assessment (if need be)
     

    Performing Validated Assessment 
     

    HITRUST QA Support,
    HITRUST Certificate

    The objective of our HITRUST Assurance Program is to establish a holistic approach for the organisations to manage information security risk

    Rising momentum of data intelligence. Big data and Ai core data concept image. Dark and light metallic blue block stacked and rising. Shallow depth of field. 3D illustration, 3D rendering.

    Assessment options to meet every level of assurance

    Assessment options to meet every level of assurance

    HITRUST certification caters to varying levels of budget, resources, and risk profile of an organisation

      • HITRUST Risk-based, 2-Year (r2) Validated Assessment + Certification

        A high level of assurance that focuses on a comprehensive risk-based specification of controls with an expanded approach to risk management and compliance evaluation

      • HITRUST Implemented, 1-Year (i1) Validated Assessment + Certification

        Provides a moderate level of assurance that addresses cybersecurity leading practices and a broader range of active cyber threats compared to e1 Assessment

         

      • HITRUST Essentials, 1-Year (e1) Validated Assessment + Certification

        Provides entry-level assurance focusing on critical information security controls and demonstrates that essential cybersecurity hygiene is in place

      Applicability of our HITRUST Assurance Programme

      Companies that access, create, transmit or store sensitive health information of US-based customers

      Companies concerned about the HIPAA law and penalties being levied by US regulators and 

      Service providers already providing or intending to provide any of the following services to US-based healthcare service providers such as:

      • Back-office support
      • Software development, host or support services
      • Transmission of health data
      • Business support to medical tourism/life insurance providers and
      • Support to US healthcare federal agencies such as CMS and FISMA.

      KPMG in India, A trusted and certified HITRUST external assessor

      • Accredited and Authorized

        KPMG being a certified HITRUST external assessor is authorized by the HITRUST Alliance to perform readiness, remediation and assessment work for certification using the HITRUST CSF. In addition, KPMG is on the AICPA task force which enables it to map the responsibility of the HITRUST CSF into the SOC 2+HITRUST reporting

      • Efficient Approach and Methodology

        KPMG can assist you with the adoption of the HITRUST CSF as the foundation of your security and privacy compliance program based on its cross functional approach and methodology in line with global practices

      • Continuous Support and Guidance

        KPMG guides and advice clients throughout the HITRUST certification journey (scoping exercise, self assessment and validated assessment) and assists them in responding to HITRUST QA and certification queries

      • Deep Expertise

        As a certified HITRUST assessor, we have a pool of experienced certified HITRUST CSF practitioners who deliver engagements for clients across various sectors

      KPMG in India HITRUST Service Offerings

      Assist organisations in assessing their current readiness towards HITRUST CSF certification requirements

      Prepare organisations for the validated assessment

      Assist organisation to establish the baseline of its system compliance and capability

      Identify high risk areas of non-compliance, residual compliance score, and corrective action plans

      Assist service organisations with a SOC 2+ report based on Trust Service Criterias (TSCs), as defined by AICPA, and additional category by HITRUST

      Opinion on fairness of presentation of description and suitability of design and operating effectiveness of controls based on relevant TSCs and HITRUST CSF

      Enable organisations to meet the applicable TSCs and the HITRUST CSF security and privacy criteria in a single report

      Enable organisations to communicate information about their compliance with regulatory requirements and organisation’s controls over protected sensitive information.

      Assist organisations in performing a HITRUST CSF validated assessment

      Assist organisations in submitting results to HITRUST for validation and certification

      Perform QA validation and provide responses to QA queries

      Assist organisations in framing Corrective Action Plan (CAP) and GAP analysis.

      Assist organisations by performing the necessary testing to express an opinion on SOC 2 report, and perform HITRUST CSF validated assessment in parallel to achieve HITRUST CSF certification

      Leverage the evidence, testing, and documentation across SOC 2 and HITRUST examination, ensuring synergies between these assessments and reducing audit fatigue.

      Explore the advantages of our HITRUST Assurance program

      A comprehensive program delivering unparallel benefits from risk mitigation to a strengthened security posture

      • Outlines organisations’ information risk management and compliance objectives
      • Helps mitigate cyber-related risks, through thorough controls and consistent approach to assessment
      • Reduces cost and provides a unified approach for managing data protection compliance
      • Evolves according to user input and changing conditions in the standards and regulatory environment at least on an annual basis
      • Rationalizes relevant regulations and standards into a single overarching security framework.

      Essence of HITRUST Certification is “Assess once and report many” thus saves time for multiple compliance

      Essence of HITRUST Certification is “Assess once and report many” thus saves time for multiple compliance

      Key Contacts

      Sundar Ramaswamy
      Sundar Ramaswamy

      National Co-Head - Cyber Assurance

      KPMG in India

      Rahul Singhal
      Rahul Singhal

      National Co-Head - Cyber Assurance

      KPMG in India

      M N Gururaja
      M N Gururaja

      Partner, Digital Trust, Advisory

      KPMG in India

      explore-insights
      Explore Insights
      advisory-offerings
      Explore Advisory service offerings

      Connect with us

      Contact our specialists for more information

      Contact us
      connect with us