Assessed Entities must achieve scores above a particular threshold to obtain a HITRUST certification.
The i1 and e1 assessments require the core i1 or e1 requirement statements in each domain to score at least an 83. Any requirement statements that are not part of the i1 or e1 core, but were included in the assessment due to an added Compliance factor are not considered in the domain score calculations. The following example shows the calculation for the average domain score for one sample domain.
The r2 assessment requires each domain to score at least a 62 to achieve certification. All requirement statements within a domain are averaged together to determine the domain score. The following examples include potential scoring scenarios for r2 assessments (certification with no CAPs or Gaps, certification with Gaps, certification with CAPS, and no certification).
r2 Scenario #1 Certification with no CAPs or Gaps
r2 Scenario #2 Certification with Gaps
r2 Scenario #3 Certification with CAPs
r2 Scenario #4 No Certification
