Deloitte Becomes a HITRUST Common Security Framework (CSF) Assessor; Active in CSF Assurance Program

News provided by

Jul 29, 2010, 09:00 ET

NEW YORK, July 29 /PRNewswire/ -- As the dramatic rise in breaches, theft of patient health data and increasingly complex regulatory environment continues to put health care organizations and their business relationships under intense pressure and scrutiny regarding security and privacy, Deloitte, a global leader in risk consulting and security advisory services, today announced it has been designated as a Common Security Framework (CSF) Assessor status from the Health Information Trust Alliance (HITRUST).

HITRUST's CSF is the first information technology security control framework developed explicitly for health care information. As a CSF Assessor, Deloitte expands its ability to serve clients that process, store, transmit and use protected health information, as well as other sensitive information. In particular, Deloitte will be able to assist clients in streamlining their security and compliance processes, remediating information security gaps and complying with the HIPAA security rule, HITECH Act and state breach notification laws.

CSF Assessors are organizations approved by HITRUST to perform assessment and/or certification services associated with the CSF, including services delivered through the CSF Assurance program. In becoming a CSF Assessor, organizations must go through a rigorous due diligence process and demonstrate that they have a strong information security practice and leadership, experience delivering information security solutions to health care organizations, and a dedicated group of practitioners that can deliver CSF-related services to organizations.

"We are very excited to have Deloitte join the CSF Assessor program," said Daniel Nutkis, Chief Executive Officer, HITRUST. "Now more than ever, health care organizations are balancing greater regulatory compliance, facing growing exposure from third parties and achieving optimal operating efficiencies, which makes addressing information protection within their organization and amongst business partners more crucial than ever before. As a leader in both health care consulting and information security and privacy, Deloitte is well positioned to assist organizations in adopting and utilizing the CSF in these changing times."

Ted DeZabala, principal, Deloitte & Touche LLP and national leader of Deloitte's security & privacy practice said, "Achieving CSF Assessor status is a major accomplishment for our security and privacy practice and has the potential to benefit our clients and potential clients that we serve. Specifically, it enables us to bring to clients an innovative approach to HIPAA security rules and HITECH Act compliance requirements with the CSF as the foundation. Coupled with some of our other solutions such as our Privacy and Data Management Portal (PDMP™), we can also help our clients comply with the HIPAA privacy rule as well as individual state breach notification laws and international privacy laws and regulations in an integrated and harmonized manner."

"To facilitate the development of a robust information security program that meets regulatory requirements and satisfies meaningful use criteria, we chose to adopt the HITRUST CSF rather than one of the more generic standards such as ISO/IEC 27002," said Dr. Bryan Cline, CISO of Catholic Health East. "No single entity could afford the time and resources needed to develop a similarly comprehensive, health care-specific control framework. So I'm pleased to see Deloitte also recognizes HITRUST's value to the industry and subsequently obtain CSF Assessor status. I look forward to continuing our ongoing partnership as we implement an information security program founded on the CSF."

Deloitte, with one of the world's largest and most sophisticated security and privacy practices, integrates these services with a health sciences practice that focuses on health plan, provider and life sciences companies. This includes the Deloitte Center for Health Solutions, which provides thought leadership and rigorous research on health policy and health reforms in the U.S. health care system to improve health care efficiency and effectiveness.

"Health care reform in the U.S. brings a world of changes for the health care system and companies within this sector " said Dr. Paul Keckley, executive director for Deloitte's Center for Health Solutions. "A big part of this change is the federal government mandate for using electronic medical records. The HITRUST CSF has the potential to help companies significantly consolidate and accomplish compliance challenges posed by the new regulations and to avoid a potential major disruption to their operations going forward."

Please contact Russell Jones, leader of Deloitte's HITRUST CSF solution offering at [email protected] for more information.

About Deloitte

As used in this document, "Deloitte" means Deloitte & Touche LLP and Deloitte Services LP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net.