Pool of CSF Certifiers expanding as more organizations adopt the Common Security Framework
Oct 13, 2009
Frisco, TX – October 13, 2009 – The Health Information Trust Alliance (HITRUST) announced today that two more organizations have joined the growing list of professional services firms designated as HITRUST CSF Certifiers. Lattimore Black Morgan & Cain (LBMC), the largest regional accounting and professional services firm based in Tennessee, and Solutionary, an information security company with a wide range of managed security solutions and professional services, have received CSF Certifier status during a time when HITRUST continues to experience an increase in the number of healthcare organizations beginning the certification phase of the CSF.
CSF Certifiers are those organizations that have been approved by HITRUST for performing readiness assessment, remediation and certification work associated with the Common Security Framework (CSF), the de-facto standard for protecting health information that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). LBMC and Solutionary join a growing list of firms recognized as CSF Certifiers.
“With the greater emphasis on the adoption of electronic health records (EHRs) and health information exchanges (HIEs), as well as increasing privacy and security regulations at the state level, HITRUST is seeing an even greater need than before for healthcare organizations to adopt the CSF and achieve HITRUST Certification,” said Daniel Nutkis, CEO, HITRUST. “Firms such as LBMC and Solutionary are critical to our efforts to provide resources to organizations of all sizes that allow them to demonstrate compliance with security control requirements and document corrective action plans that align with the requirements of the CSF.”
HITRUST Certification is fundamentally geared towards moving the healthcare industry forward with respect to security controls, and the adoption of the CSF is a key component in aiding organizations and HIEs in ensuring appropriate information protection safeguards are in place and legal and compliance requirements are met. This approach, combined with the efforts of a qualified CSF Certifier, allows for the manageable implementation of the CSF, while progressively increasing the ability for the healthcare industry to protect the confidentiality, integrity and availability of protected health and other sensitive information.
“Obtaining CSF Certifier status allows us to better serve our healthcare industry clients by providing them with the confidence and guidance needed to successfully adopt the CSF and implement an information security program designed at its core to protect personal health information,” said Mark Fulford, Partner, LBMC Risk Services / IT Assurance. “As a CSF Certifier we are well positioned to meet the demand from organizations and HIEs committed to managing internal and third party compliance.”
By providing the healthcare industry with a best practice-based, prescriptive security framework that normalizes existing security requirements, HITRUST and the CSF Certifiers are able to aid organizations in reducing the inefficiencies and complexities associated with managing security on their own. Adding to the complexity for organizations already challenged with protecting health information and ensuring compliance, is the introduction of state-specific information security requirements for HIEs, which present new issues and risks in the form of data protection and trust between organizations, consumers and government agencies. HITRUST CSF Certifiers are uniquely positioned to aid all these entities as they seek to comply with a myriad of requirements and enforcement actions at the federal and state levels.
“As thousands of organizations work to comply with HIPAA and other security regulations, we believe it is imperative that they develop an understanding of the rules and take the necessary steps to become compliant,” said Mike Hrabik, chief technology officer, Solutionary. “Our involvement with HITRUST as a CSF Certifier demonstrates our commitment to providing our healthcare clients, many of whom have limited resources of their own, with practical solutions that meet current business and regulatory requirements.”
The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net.
All product and company names herein may be trademarks of their respective owners.