skip to Main Content

The most rigorous and successful approach to obtaining your Information Security Goals

As the leading HITRUST CSF Assessor Organization, BEYOND HC LLC brings together its experience and knowledge with the HITRUST CSF methodology to streamline and accelerate the certification process whether you choose the i1 or the r2 certification. Our approach embraces the certification requirements and protocols defined by HITRUST while formalizing a program that overcomes the intricacies and challenges of a complex process. Becoming HITRUST Certified whether it be the i1 or r2 should not be a burden on your team or your budget. At BEYOND HC LLC, we will walk with you through the process, and provide the assistance as required by you and your team. The BEYOND HC LLC business model is a proven approach that results in 100% success. We look forward to working with you and your team.

The BEYOND HC LLC Difference

Established project management // All Team Members CCSFP // Phased approach that reduces cost, time and complexities
Pre-determined quality assurance checkpoints that safeguards the prospect for on-time certification
Assessment program that harmonizes similar control objectives // Continuous status reporting through the HITRUST journey


Phase 1 – Readiness Assessment
(Learn what needs to be fixed)

To determine if your company is ready to complete the i1 or r2 HITRUST Validated Assessment for certification.

Phase 2 – CIO Security Services | GAP Remediation
(Now you know…let’s fix it)

This phase is based on the completed Readiness Assessment (Phase 1) and other gaps identified within your Information Security Program “ISP” that need to be addressed prior to going through your HITRUST Validated Assessment.

Phase 3 – i1 or r2 Validated Assessment | Bridge Assessment
(Let’s get certified)

The BEYOND Validation Team (all CCSFP certified) will work with your organization to navigate and obtain success through the HITRUST Validation process with the end goal of obtaining your certification.

Phase 4 – Interim Assessment | ISP Maturity
(Maintaining certification)

This phase is the mid-review and maintenance that takes place within a year after the HITRUST Certification is received.

What is new with BEYOND HC LLC ... and within the HITRUST world

BEYOND HC LLC is growing…
We are pleased to announce we have added two new members to BEYOND’s top-notch Validation Team, a Project Manager and a CCSFP Assessor. With our new members, each will bring their own unique experiences, while allowing BEYOND HC LLC to expand our services on both the Validation Team and the Security Team to meet our client needs. We wish our new team members much success!

Covid 19 continues…
With the upswing of the virus, BEYOND HC LLC is following the guidelines set out by HITRUST pertaining to the required site-visit. At this time HITRUST still has the required visit still on hold. Currently, there is no guidance on when this may change. BEYOND continually checks with HITRUST for updates and will keep our clients and prospective clients in the loop.

HITRUST CSF v9.5, v9.6…and eventually v10
HITRUST will be updating the CSF to version 10, however this is not expected until late 2022 | 2023. In the meantime, v9 has been updated with many new versions – v9.5.0, v9.5.1, v9.5.2, v9.6.0 and v9.6.1. These new versions closely mirror the content of previous r2 versions. From v9.4, there has been the expansion of the HIPAA Privacy requirements, as well as access to the MyCSF Compliance and Report Pack for HIPAA. v9.6 incorporates modifications of certain requirement statements that mirror the new 1-year (i1) Validated Assessment release. Also the v9.6 versions allow the selection of the NIST SP 800-53 revision 4 as a compliance factor. To learn more about the i1 Assessment or the multiple versions of the r2 Assessment, please reach out to any BEYOND Team Member.

Additional Note…
With so many changes happening in our everyday world, please reach out to us with any questions you may have or any guidance you may need. We want to be part of your team as you successfully obtain (or maintain) your HITRUST certification.


BEYOND HC LLC‘s focus is to create an individualized program for our clients – whether you are a start-up or an established company.  Our goal is to help your organization innovate, transform and be successful in achieving their information security goals.

BEYOND HC LLC is a HITRUST Assessor Organization.  The organization and its team of professional IT and IS consultants are led by Cathlynn Nigh, a compliance specialist with 20+ years of experience in risk, audit, information security and regulatory administration.  The BEYOND HC team are all highly-training CCSFP Practitioners who focus includes:

  • Readiness Assessment
  • IT | IS GAP Remediation
  • Policy | Procedure Guide Creation
  • CISO | Security Advisory Services
  • HITRUST Compliance Validations

This specialization offers clients the kind of expertise and attention that streamlines the process and delivers cost and time efficient solutions for your company.

BEYOND HC LLC is an SBA woman-owned business.  Our specialized focus and deep expertise sets us apart from other firms.  We look forward to working with you towards your companies success.

    Upcoming | Recent Events

    HIMSS 2023 – Chicago, Illinois
    April 18 – 20, 2023
    HITRUST Booth #3717

    HITRUST Collaborate – Grapevine, Texas
    Dates: October, 2023 (exact dates TBD)


    Ray Biondo Promoted to Executive Vice President and CIO for BEYOND HC LLC

    Chicago Illinois, Orlando FL, Denver CO; January 4, 2021 – BEYOND HC LLC, a woman…

    Read more

    BEYOND HC LLC Facilitates another HITRUST Community Extension Program Event hosted by Aim Specialty Health and Blue Cross Blue Shield Association

    Chicago Illinois, January 23, 2019 – BEYOND HC LLC, a woman owned HITRUST CSF Assessor…

    Read more

    Three Mistruths about the Anthem Breach and HITRUST CSF Certification

    Ray Biondo Senior Vice President and CISO BEYOND HC LLC It has been dismaying to…

    Read more

    How Cathlynn Nigh Is Going Above and BEYOND the Competition

    From American Healthcare Leader (AHL): When Cathlynn Nigh worked in compliance and internal audit at…

    Read more

    BEYOND HC LLC Facilitates HITRUST Community Extension Program (CEP) Event at Cleveland Clinic

    Chicago Illinois, May 16, 2018 – BEYOND HC LLC, a woman owned HITRUST CSF Assessor…

    Read more

    Cathlynn Nigh

    Founder / CEO
    Ms. Nigh is the CEO of BEYOND HC LLC. BEYOND is a woman owned and operated consulting firm that is specific to performing HITRUST Assessments. BEYOND provides their clients a personalized “one to one” approach to the highest level of service and quality...
    Read more

    Ray Biondo

    Executive Vice President Chief Information Officer (CIO)
    Mr. Biondo is Executive Vice President, Chief Information Officer for BEYOND HC LLC. Ray is a senior IT executive with over 30 years of experience in the specialized field of Information Technology. He has led application development teams...
    Read more
    About HITRUST

    The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.

    HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

    The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry.

    Whether your organization deals directly or indirectly with the health care industry, HITRUST certification is good for your business:

    • Helps you manage regulatory compliance and risk management
    • Opens access to prospective clients who require their vendors to be HITRUST Certified
    • Once in place, certification can be renewed, budgeted and managed

    Download #1 – Conquering the HITRUST Mountain

    If you’re in the healthcare business, you’re in the HITRUST business – whether you know it or not. With many Payers and Providers requiring their vendors to be HITRUST CSF Certified, many healthcare companies are finding that HITRUST is a non-negotiable business priority that needs to be addressed.

    But certification is hard. Requiring hundreds of hours from company employees…the path to HITRUST can be daunting and difficult to navigate for established companies and newcomers alike.  To help you better understand what you’re up against and how you can be successful in achieving HITRUST certification, BEYOND HC LLC offers this ebook Conquering the HITRUST Mountain to learn:

    • What you can expect during the HITRUST process
    • How to choose the right HITRUST assessor and build the right team
    • How to accelerate your timeline and alleviate costs along the way

    Download #2 – Audit Once Use Many

    In addition BEYOND HC LLC also offers their successful white paper “Audit Once Use Many…the benefits of a HITRUST Certification”.  Please let us know which document you would like to receive and we will send to you immediately.

      Fill in your information below and select which download you would like to receive.

      PHASE 1: BEYOND Readiness Assessment

      BEYOND will identify gaps in your existing environment that could prevent HITRUST certification and provide detailed information on the findings, recommendations, strategy, and timeline for developing your Information Security Program “ISP” to meet the current HITRUST framework.

      A readiness assessment is an essential part of any organizational change management program and should be completed before you launch technical implementation and update or recreate your documentation.

      • Determine the scope of the assessment.
      • Questionnaire / Interviews are completed.
      • Constant contact – frequent communication / status meetings throughout.
      • BEYOND will review, conduct analysis and develop a working draft report.
      • BEYOND will review findings and draft report with the client.

      PHASE 2: Security Services | GAP Remediation

      Let’s put BEYOND’s CIO executive leadership and security knowledge to work for your organization.  Our security services offer you access to a team of professionals that provide the required subject matter expertise to help you strengthen your “ISP”.

      As a team we can develop and manage your security program.  We will quickly work with you to gain knowledge and build a strategy on addressing your security gaps.  With our mature and vast knowledge of the security environment, we will go to work to solve these problems for you with results that you can rely on.

      This work can include:

      • Implementation of products / managed services
      • Internal processes such as BC/DR Plan | Data Classification | Incident Response | IT Vendor Management | Risk Management | Teleworking (WFH) | vCISO Services
      • The creation of necessary documents (Policy / Procedure Guides) that are written to communicate each step clearly and developed to meet your compliance needs.

      PHASE 3: Validated Assessment | Bridge Assessment

      BEYOND customizes each CSF Assessment plan to serve the unique needs and scoped environment of your organization.  Whether you are going through certification the first time, or recertifying we work with each of our clients individually for their success.  Through carefully outlined steps, BEYOND will conduct the assessment using our expertise and knowledge of HITRUST to obtain the goal of certification.

      • Confirm the scope of the assessment.
      • Create the required Test Plan for use in the assessment.
      • The same validation team will work with you throughout the entire assessment.
      • Constant contact – frequent communication | status meetings throughout.
      • BEYOND will analyze the results and validate all responses.
      • Investigate | conducted interviews to clarify all findings.
      • Address needs for conducting “BRIDGE Assessment” if required.

      PHASE 4: Interim Assessment | ISP Maturity

      The Interim Assessment follows the same guidance as the Validated Assessment, with a reduced number of requirements.  Leading up to the Interim Assessment, The BEYOND Security Team will work with you to ensure you are ready for the Interim Assessment.

      • Policy | Procedure Documentation maintained and updated
      • CAPS (if applicable) addressed
      • Continued maturity of your ISP

      The mid-certification review will then be conducted by the BEYOND Validation Team and follows the same process as the Validated Assessment (see Phase 3 Validated Assessment).

      Years of Healthcare Experience
      Companies Helped
      in the Industry