HITRUST expects all Assessed Entities and External Assessors to meet the criteria described within this Assessment Handbook. Assessed Entities and External Assessors may contact their CSM or HITRUST Support (support@hitrustalliance.net) with questions on the criteria.
15.9.1 If criteria are not met that impact the scoring and/or certification results in an assessment, the Assessed Entity and/or External Assessor must make any corrections requested by HITRUST.
15.9.2 If criteria are not met that may mislead the reader of a HITRUST report to reach inaccurate conclusions, the Assessed Entity and/or External Assessor must make any corrections requested by HITRUST.
15.9.3 If an External Assessor does not meet the HITRUST assessment or testing criteria defined in this Assessment Handbook, HITRUST may request or perform one or more of the following actions based on the nature, quantity, and severity of the infractions:
- Remediation of the non-compliant assessment
- Rejection of the non-compliant assessment
- Written warnings of non-compliance
- Non-compliance meetings between HITRUST and External Assessor firm’s leadership
- External Assessor firm corrective action plans
- Tracking and reporting of non-compliance in External Assessor performance reports
15.9.4 If an Assessed Entity or External Assessor believes it is unable to meet certain criteria it may contact their CSM or HITRUST Support (support@hitrustalliance.net) for additional guidance.
15.9.5 At HITRUST’s discretion, it may provide alternatives to achieving the defined criteria in this Assessment Handbook. Any alternative solutions approved by HITRUST are granted on a one-time basis.