HITRUST taps Booz Allen as CSF Assessor

Will conduct security audits as healthcare moves to cloud, goes mobile

The Health Information Trust Alliance (HITRUST) has designated Booz Allen Hamilton as a Common Security Framework (CSF) Assessor.

HITRUST's CSF, billed as the most widely-adopted security framework in the U.S. healthcare industry, is meant to give health organizations a "roadmap" toward stronger security protections. As a CSF Assessor, Booz Allen will conduct information security audits for healthcare organizations of varying size and complexity, gauging compliance with security requirements and standards, and helping devise tools to help organizations align with the CSF, officials say.

"Booz Allen Hamilton understands the new cyber security risks and challenges facing the healthcare industry as it moves toward new models of integrated delivery leveraging digital, mobile and cloud technologies," said Booz Allen Principal Bill Fox. "We believe that a robust cyber health strategy must be a fundamental pillar for any healthcare organization and look forward to supporting HITRUST and the healthcare industry as a valued CSF Assessor."

As health organizations become increasingly reliant on health IT – leaving personal health information and financial data more exposed, and increasing threats to systems and patient privacy – HITRUST officials say Booz Allen's healthcare-specific cyber security expertise can help safeguard those those organizations' data.

Booz Allen's own cybersecurity model, CyberM3 – which deploys technology and analytics, as well as business process engineering and human capital development – helps organizations measure, manage and mature their cybersecurity programs, officials say. The HITRUST CSF and organization assessments will be incorporated as part of the Booz Allen CyberM3 offering to healthcare clients.

"We are pleased to have Booz Allen as a CSF Assessor to help healthcare organizations with the process of adopting and utilizing the CSF's requirements for protecting information," said Ken Vander Wal, HITRUST's chief compliance officer. "The company's long-standing expertise and leadership in health IT privacy and security solutions make it a perfect addition to our program."