Ernst & Young LLP bolsters health providers and payer information security services through gaining HITRUST CSF Assessor status
8 June 2011 – Ernst & Young LLP announced today that it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor, a move that will enhance the firm’s ability to provide clients with increased visibility into the presence and effectiveness of information security and privacy controls that protect company data. The HITRUST CSF is the most widely adopted and recognized standard for information security in the health care industry.
“Companies in the health care sector have an immediate need to protect data and treat the risks associated with the adoption of electronic medical records, while simultaneously maintaining compliance with privacy and security laws and regulations,” said John Distefano, Ernst & Young LLP Advisory Services Health sector leader. “As a HITRUST CSF Assessor, we can help companies navigate the risks, seize opportunities and build long-term value.”
Earlier this year, HITRUST identified key areas of focus, including cloud computing, data protection, health information exchanges (HIEs), mobile devices and authentication management, as well as federal and state regulations and security standards. According to a report published by Ernst & Young [http://www.ey.com/GL/en/Services/Advisory/IT-Risk-and-Assurance/Top-11-privacy-trends-for-2011], these new technologies and regulations are the key trends driving business investment to protect personal and company data in a borderless world where anytime, anywhere access to information becomes increasingly prevalent, particularly in the health care industry.
As regulations and enforcement actions concerning data protection and privacy have expanded in recent years, the Ernst & Young report notes that companies must be certain their enterprise-wide privacy protection strategies meet current needs and anticipate future challenges.
CSF Assessors provide trained resources to health care organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the CSF. Prior to becoming a CSF Assessor, organizations must go through a rigorous due diligence process, demonstrate strong information security practice and leadership as well as experience delivering information security solutions to health care organizations, and maintain a group of certified practitioners that can deliver CSF-related services to organizations.
“We are pleased to have Ernst & Young on board as a CSF Assessor to help health care organizations with the process of adopting the CSF’s requirements for protecting information,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “The organization’s alignment in IT Risk and health care advisory services make it a natural fit for our program.”
Through the firm’s Information Technology Risk and Assurance practice, Ernst & Young LLP works with companies’ health care providers and payors to help manage IT risk and improve their information security programs. As a CSF Assessor, Ernst & Young LLP is approved to perform compliance assessment and pre-assessment engagements utilizing the CSF. Compliance assessments and subsequent reporting may be used to support HIPAA, HITECH and other federal and state requirements under US health care reform, including security risk analysis to qualify for the meaningful use incentive program.
“The legal mandate to meet the new requirements presents opportunities to overhaul information technology infrastructure as well as significant risks and challenges to protecting personal and company data,” said Bernie Wedge, Americas Information Technology & Risk Assurance Leader for Ernst & Young LLP. “As a HITRUST CSF Assessor, we now offer our health care clients additional services that support their IT risk management programs as they adopt the CSF.”
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity.
This news release has been issued by Ernst & Young LLP, a client-serving member firm of Ernst & Young Global Limited located in the US.
# # #