How to Certify

SECURETexas uses the benchmarks contained in HITRUST’S Common Security Framework (CSF) to assess an entity’s past compliance with state and federal privacy and security laws that govern the use of electronic health record systems.

The CSF is a scalable, prescriptive and certifiable framework that incorporates a multitude of state and federal regulations, U.S. and international standards, and best practices maintained and updated for the health care industry.

SECURETexas builds upon the CSF’s existing framework to integrate Texas requirements into its assessment tool.

The certification process includes the following:

READINESS ASSESSMENT. Assess your organization against HITRUST’s Common Security Framework (CSF) to determine if your organization is ready to conduct a certification review.

REMOTE ASSESSMENT (if applicable). If your organization generates less than $5 million/year in revenue, you may complete your own assessment (utilizing HITRUST’s MyCSF tool), and submit the assessment directly to HITRUST, who will validate the results.

THIRD-PARTY ASSESSOR (if applicable). If your organization generates more than $5 million/year in revenue, a third party, HITRUST CSF assessor must conduct an on-site assessment.

CERTIFICATION. If your organization meets the standards outlined in the CSF assessment, HITRUST will provide a recommendation letter that the assessed entity can submit to THSA for certification. If the THSA agrees with HITRUST’s recommendation, the THSA will issue a certification letter to your organization within 10-15 business days of receipt of payment and HITRUST materials.

For pricing information, click here.

While the THSA and HITRUST partner together to administer the program, one of HITRUST’s strengths is that it allows entities to contract independently with approved HITRUST CSF assessor organizations, none of which are HITRUST-owned.

To get started, click here.