the bdo center for healthcare excellence & innovation hitrust csf assurance program ·...

Post on 23-Jun-2020

Page 1: THE BDO CENTER FOR HEALTHCARE EXCELLENCE & INNOVATION HITRUST CSF ASSURANCE PROGRAM · 2019-05-13 · HITRUST CSF Assurance Program The HITRUST CSF Assurance Program delivers simplified

HITRUST CSF ASSURANCE PROGRAM

Cyber-attacks are on the rise, and healthcare has the bullseye on its back—the industry was the most attacked in 2015, surpassing financial services, information and communication, manufacturing, retail and wholesale, and energy and utilities. Coupled with the rise of technology to store and transmit valuable healthcare data, it’s more important than ever that healthcare providers not only achieve compliance, but prove they are indeed a trustworthy resource.

BDO recently took a significant step in filling that gap when it was designated as a HITRUST CSF Assessor by the Health Information Trust Alliance (HITRUST). With this achievement, BDO is now approved to provide services using the HITRUST CSF, a comprehensive security framework that addresses the multitude of security, privacy and regulatory challenges facing healthcare organizations to comply with healthcare, third-party and government regulations and standards.

CSF assessors like BDO provide trained resources to healthcare organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the HITRUST CSF.

THE BDO CENTER FOR HEALTHCARE EXCELLENCE & INNOVATION

“The industry’s transition to electronic health records (EHRs), though critical to progress and innovation, has also opened the door to significant security and privacy risk. As an approved HITRUST CSF Assessor, BDO can help healthcare clients ensure they meet all regulatory requirements while protecting sensitive client and patient data.”

Patrick Pilch, Managing Director & National Leader of The BDO Center for Healthcare Excellence & Innovation

CSF Assurance Program benefits include:

Reduced costs and complexity

Through the adoption of a common set of security (and privacy) objectives and assessment processes, the HITRUST CSF Assurance Program streamlines how healthcare organizations manage business-associate compliance. Business associates can assess once and report to their many constituents, while healthcare organizations and other external parties benefit from a more complete and effective assessment process.

Managed risk

Through a commercially reasonable process, organizations achieve increased insight into their internal and third-party risks. By freeing resources from reacting to new requirements and audits, organizations can take a proactive approach focusing on the other building blocks of an effective security management program.

Simplified compliance

Through a streamlined framework, organizations benefit from a consistent and efficient approach for reporting compliance with internal stakeholders, HIPAA, HITECH, state and business associates.

HITRUST CSF Assurance Program

The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting for HIPAA, HITECH, state and business associate requirements. Leveraging the HITRUST CSF, the program provides healthcare organizations and their business associates with a common approach to manage security assessments, creating efficiencies and containing costs associated with multiple and varied assurance requirements.

HITRUST CSF Assessors are critical to helping uphold information security and privacy standards for the healthcare industry and a core component of the HITRUST CSF program by providing trained resources to healthcare organizations.

With the second phase of the U.S. Department of Health and Human Services’ Office of Civil Rights’ auditing efforts around HIPAA underway, BDO advises healthcare organizations to review their internal compliance and security controls and implement any necessary remediation actions in line with the HITRUST CSF. If you could benefit from BDO’s HITRUST services, please contact Shahryar Shaghaghi at [email protected].

“The healthcare industry was the top target for cyberattacks last year, and as events this year have shown, that trend is not slowing down. Clients that take advantage of the HITRUST CSF framework can streamline HIPAA compliance and minimize cyber vulnerabilities.”

Shahryar Shaghaghi, National Leader of BDO’s Technology Advisory Services practice and Head of International BDO Cybersecurity

“Trust is a critical element of effective healthcare. That trust is built on a promise of confidentiality which, when broken—even inadvertently—jeopardizes the provider-patient relationship. Organizations certified under HITRUST can provide their patients and partners with ease of mind, ensuring they’re doing everything they can to safeguard sensitive information.”

Josh Ayers, Audit Managing Director in BDO’s Assurance practice

SOC2 Plus Audits

Leveraging the HITRUST CSF framework, BDO uses the HITRUST CSF Assurance Program to deliver a simplified, streamlined approach to completing a compliance assessment and reporting for HIPAA, HITECH, NIST, ISO, COBIT, state and business associate requirements.

BDO HITRUST Service Offerings

HITRUST CSF Certification

Guided by the HITRUST CSF, BDO translates multiple security frameworks into a common language, developing a prescriptive framework for healthcare organizations to implement security controls in line with regulatory standards including HIPAA, NIST, ISO, COBIT, FTC Red Flags and PCI. HITRUST CSF certification provides organizations with a third-party assessment verifying their compliance with industry certifications for the HITRUST CSF.

Readiness Review and Remediation

The depth of BDO’s healthcare and cybersecurity industry experience sets us apart and enables us to “connect the dots” across various systems and functional areas within a healthcare organization. Our team of cyber security analysts, hospital executives, physicians and accountants can leverage their experience to conduct readiness reviews for your organization and remediate any issues identified through that process.

CONTACT:

PATRICK PILCH
Managing Director, National Healthcare Advisory [email protected]

MAURICE LIDDELL
Managing Director, Technology Advisory & [email protected]

JOSH AYERS
Managing Director, Assurance [email protected]

SHAHRYAR SHAGHAGHI
National Leader, Head of International BDO Cybersecurity Technology Advisory [email protected]

The BDO Center for Healthcare Excellence & Innovation

As the healthcare industry enters an era of unprecedented transformation, anticipating and understanding the future state model of healthcare is more important than ever. From advising on complex joint ventures, to M&A services, to healthcare redesign, BDO’s multidisciplinary teams help organizations plan for and implement the financial and clinical changes needed to transform their institutions — and thrive in the years to come.

About BDO

BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through more than 60 offices and over 500 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multi-national clients through a global network of 67,700 people working out of 1,400 offices across 158 countries.

BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information please visit: www.bdo.com.

Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your firm’s individual needs. © 2017 BDO USA, LLP. All rights reserved.

Accountants | Consultants | Doctors www.bdo.com/healthcare

@BDOHealth www.bdo.com/blogs/healthcare

People who know Healthcare, know BDO.