Practical application backed by industry expertise.

Take security efforts to the next quality level with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF). As a designated HITRUST CSF Assessor, Wipfli teams use the HITRUST CSF to asses client information security programs against regulatory mandates and industry standards (e.g., HIPAA, HITECH, CMS, PCI, COBIT, and NIST).

Wipfli experts can help develop a roadmap for the organization to pursue HITRUST certification. Wipfli's highly-experienced experts help set clients' scope and timing, identify and address gaps, and once ready, complet their validated assessments for HITRUST certification using a methodology proven to maximize results. 

Manage third-party risk using the HITRUST CSF. Using the HITRUST CSF, Wipfli can assess business partners to ensure they are meeting compliance requirements.

Learn more about Wipfli's Cybersecurity Services, Business Continuity, and SOC audits.

Featured Thought Leader

Paul J. Johnson, CISSP, CCSFP, CPA

Paul Johnson works with clients to assess, improve, and test their information security and risk management systems. He also helps clients determine their compliance with health care security requirements including HIPAA and HITRUST.

Karen Johnston, CIA, CFE, CISA, CCSFP

Karen has more than 15 years of experience in public accounting and private industry. She applies her experience in risk advisory services and assists her clients in protecting and tailoring their business environment to mitigate risk, identify trends, increase efficiencies, and gain a competitive advantage.


Rick is a career information security professional with over 35 years of experience working in health and financial industries, state and federal government, and for the U.S. Air Force. Rick brings thought leadership, practical hands on experience, and in-depth knowledge of program management, industry standards, realistic best practices and regulatory compliance to his clients. Rick has a reputation of establishing very long term working relationships with his clients.

Free Initial Consultation

Featured Insight

What You Should Know About Using AWS, Azure, and Other Third-Party Tools

This 4-part article series explores features of these third-party tools that can help address the assurances required across the 19 CSF assessment domains. Read Part 1. Read Part 2. Read Part 3.

Featured Insight

Attention Vendors: 5 Reasons to Start Your Path to HITRUST Certification Now

There are five big reasons now is the best time to start moving toward the new CSF program. 

HITRUST Partner Program

Although our HITRUST services can be tailored to meet your organization's specific needs, the Partner Program approach simplifies the path to implementing the HITRUST CSF and achieving certification.