LOUISVILLE, Colo., Oct. 12, 2011 /PRNewswire/ -- Colorado-based Coalfire, an independent IT Governance, Risk and Compliance firm, today announced it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. With this achievement, Coalfire is now approved to deliver security risk assessments using the CSF, a comprehensive framework that consolidates and normalizes the existing security requirements for healthcare organizations.
The HITRUST CSF is the most widely adopted security framework in the healthcare industry, and HITRUST CSF Assessors are the only organizations approved by HITRUST to perform CSF-related services associated with the HITRUST CSF Assurance program. Coalfire is pleased to join this elite group of information security professionals, and applauds the work done to date by HITRUST to provide the healthcare industry with a compliance roadmap leading to independent certification.
As one of the nation's leading independent IT GRC firms, Coalfire is well-qualified to help healthcare organizations (e.g., health plans, health care clearinghouses, health care providers, and their business associates) navigate the complexities of the data security and privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Over its 10-year history, the firm has completed hundreds of assessments for both Covered Entities and Business Associates.
Coalfire tailors each assessment based upon the unique compliance needs of each client and combines the HIPAA requirements with those of other requirements in scope, including industry best-practice standards. For example, healthcare clients increasingly draw up Coalfire's strong heritage as a leading provider of Payment Card Industry Data Security Standard Reports on Compliance in tandem with HIPAA/HITECH security assessments. At the conclusion of the assessment, Coalfire provides a comprehensive report designed to give meaning to the data, including a detailed technical report, an executive summary for boardroom action and a full presentation on assessment findings.
"Healthcare organizations must deal with a labyrinth of federal, state, and industry data privacy and security regulations that are constantly evolving," said Kerry Shackelford, Coalfire's managing director of healthcare services. "As a HITRUST CSF Assessor, our expertise and unique qualifications have been recognized and we stand ready to help our healthcare industry clients assess and mitigate IT security risks."