New York-based consulting firm Deloitte has been designated a Common Security Framework (CSF) Assessor by the Health Information Trust Alliance (HITRUST).
As a CSF Assessor, Deloitte officials say the company expands its ability to serve clients that process, store, transmit and use protected health information, as well as other sensitive information. In particular, Deloitte will be able to assist clients in streamlining their security and compliance processes, remediating information security gaps and complying with the HIPAA security rule, HITECH Act and state breach notification laws.
"Achieving CSF Assessor status is a major accomplishment for our security and privacy practice and has the potential to benefit our clients and potential clients that we serve," said Ted DeZabala, principal, Deloitte & Touche LLP and national leader of Deloitte's security and privacy practice. "Specifically, it enables us to bring to clients an innovative approach to HIPAA security rules and HITECH Act compliance requirements with the CSF as the foundation. Coupled with some of our other solutions such as our Privacy and Data Management Portal, we can also help our clients comply with the HIPAA privacy rule as well as individual state breach notification laws and international privacy laws and regulations in an integrated and harmonized manner," he said.
CSF Assessors are organizations approved by HITRUST to perform assessment and/or certification services associated with the CSF, including services delivered through the CSF Assurance program. In becoming a CSF Assessor, organizations must go through a rigorous due diligence process and demonstrate that they have a strong information security practice and leadership, experience delivering information security solutions to healthcare organizations, and a dedicated group of practitioners that can deliver CSF-related services to organizations.
"We are very excited to have Deloitte join the CSF Assessor program," said Daniel Nutkis, chief executive officer, HITRUST. "Now more than ever, healthcare organizations are balancing greater regulatory compliance, facing growing exposure from third parties and achieving optimal operating efficiencies, which makes addressing information protection within their organization and amongst business partners more crucial than ever before. As a leader in both healthcare consulting and information security and privacy, Deloitte is well positioned to assist organizations in adopting and utilizing the CSF in these changing times."
