HITRUST Assessment Handbook v1.2 Updates Released
Summary
HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.
What changed
HITRUST has issued version 1.2 of its Assessment Handbook, a key document for its Assurance Program. The updates include revisions to Chapter 11.3 regarding evidence generated by intermediate software platforms, Chapter 11 for testing and evidence expectations, Chapter 15.1 for certification report status descriptions, Chapter 12.2 for inheritance eligibility clarification, and Chapter 15.4 concerning interim assessments. These changes aim to clarify and enhance the HITRUST assessment process.
Assessed Entities and External Assessors must familiarize themselves with these updates. HITRUST QA will begin enforcing the new criteria for assessments submitted on or after April 15, 2026. Failure to comply with the updated handbook requirements could impact the assessment and certification process.
What to do next
- Review HITRUST Assessment Handbook v1.2 for detailed changes.
- Update internal assessment procedures to align with new evidence, testing, and reporting requirements.
- Ensure all assessments submitted on or after April 15, 2026, adhere to the updated handbook criteria.
Source document (simplified)
Resources > News > HAA 2026-001 - Assessment Handbook v1.2 Release
HAA 2026-001 - Assessment Handbook v1.2 Release
Impacted Policy/Program Name HITRUST Assurance Program
Advisory Type Assurance Change
January 13, 2026
Overview
Version 1.2 of the Assessment Handbook is now available on the HITRUST website, and includes updates regarding:
Procedures to be performed when evidence is generated by an intermediate software platform in Chapter 11.3 Working Papers & Evidence.
Additional criteria in Chapter 11 Testing & Evidence Requirements to clarify HITRUST’s testing and evidence expectations.
HITRUST certification report status descriptions in Chapter 15.1 HITRUST Reporting
Clarification of inheritance eligibility based upon the certification status and certification expiration dates in Chapter 12.2 Reliance on Assessment Results Using Inheritance.
Ability to use an e1 or i1 in lieu of an interim assessment in Chapter 15.4 Interim Assessment.
For a detailed log of the changes, see HITRUST Assessment Handbook, Appendix B Summary of Changes.
Timeline
HITRUST expects all Assessed Entities and External Assessors to maintain awareness of the Assurance Program requirements through this Assessment Handbook. HITRUST QA will begin enforcing any new or updated criteria in version 1.2 of the Assessment Han dbook on assessments submitted as of April 15, 2026.
Additional resources
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager.
You may also be interested in:
Dec 18, 2025
HAA 2025-006 HITRUST CSF v11.6 Creation Deadline for e1 and i1 Assessments
HITRUST Framework (CSF) Read Now Dec 18, 2025
HAA 2025-005 HITRUST CSF Version 11.7.0 Release
HITRUST Framework (CSF) Read Now Aug 22, 2025
HAA 2025-003 HITRUST CSF Version 11.6.0 Release
HITRUST Framework (CSF) Read Now << Back to News [Next
Advisory](/) >>
Subscribe to get updates,
news, and industry information.
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Security Framework alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when HITRUST News & Advisories publishes new changes.