Deloitte has been designated as a Common Security Framework (CSF) Assessor status from the Health Information Trust Alliance (HITRUST), according to the consulting firm. HITRUST’s CSF is the first information technology security control framework developed explicitly for health care information.
As a CSF Assessor, Deloitte expands its ability to serve clients that process, store, transmit and use protected health information, as well as other sensitive information, the consulting firm says. In particular, Deloitte says it will be able to assist clients in streamlining their security and compliance processes, remediating information security gaps and complying with the HIPAA security rule, HITECH Act and state breach notification laws.
CSF Assessors are organizations approved by HITRUST to perform assessment and/or certification services associated with the CSF, including services delivered through the CSF Assurance program, the Deloitte source explains. In becoming a CSF Assessor, organizations must go through a rigorous due diligence process and demonstrate that they have a strong information security practice and leadership, experience delivering information security solutions to health care organizations, and a dedicated group of practitioners that can deliver CSF-related services to organizations.
“We are very excited to have Deloitte join the CSF Assessor program,” comments Daniel Nutkis, Chief Executive Officer, HITRUST. “Now more than ever, health care organizations are balancing greater regulatory compliance, facing growing exposure from third parties and achieving optimal operating efficiencies, which makes addressing information protection within their organization and amongst business partners more crucial than ever before. As a leader in both health care consulting and information security and privacy, Deloitte is well positioned to assist organizations in adopting and utilizing the CSF in these changing times.”
Ted DeZabala, principal, Deloitte & Touche LLP and national leader of Deloitte’s security & privacy practice comments, “Achieving CSF Assessor status is a major accomplishment for our security and privacy practice and has the potential to benefit our clients and potential clients that we serve. Specifically, it enables us to bring to clients an innovative approach to HIPAA security rules and HITECH Act compliance requirements with the CSF as the foundation. Coupled with some of our other solutions such as our Privacy and Data Management Portal (PDMPTM), we can also help our clients comply with the HIPAA privacy rule as well as individual state breach notification laws and international privacy laws and regulations in an integrated and harmonized manner.”