
ControlCase “Compliance as a Service” for HITRUST CSF Assurance Program


Following the recent update to the HITRUST CSF Assurance Program, an increasing number of healthcare organizations will now require their business associates to obtain CSF Certification.

Reston VA, USA

ControlCase, a leading global provider of Compliance as a Service (CaaS), Certifications, and IT Governance, Risk and Compliance (GRC) software, announced that its flagship offering, CaaS, will assist organizations in meeting the recent update to the HITRUST CSF Assurance Program. Already recognised by HITRUST as a CSF Assessor, ControlCase will work with clients to develop the operating model as well as the governance and risk structure for clients' HIPAA/HITECH compliance programs.

The Health Information Trust Alliance (HITRUST) CSF is a certifiable framework that provides organizations with the needed structure, detail and clarity relating to information security for the healthcare industry. Utilizing a common set of information security requirements, the CSF Assurance program delivers simplified compliance assessments and reporting for HIPAA, HITECH, state, and business associate requirements.

In recent news, HITRUST announced an expansion of the healthcare industry’s use of the CSF Assurance program in support of efforts to better manage the third-party assurance process. As a result, an increasing number of organizations within the healthcare industry will now require their business associates to obtain the CSF Certification in the next 24 months. “The CSF Certification works to establish effective security and improve privacy practices aligned with the requirements of the health industry,” said Bill Brody, VP – HealthCare Division at ControlCase.

“This development further reinforces the use of CSF Certification as a benchmark for information security in the healthcare industry and provides a perfect platform for clients to benefit from using ControlCase’s CaaS,” said Brody.

While many covered entities are leveraging the CSF Assurance program, more and more business associates are also requesting that their CSF Assurance reports be accepted by the healthcare organizations with whom they do business. This comes in an effort to minimize the duplication, costs and inefficiencies resulting from the current multitude of assessment requests.

“To date, the HITRUST CSF is the most widely-adopted security framework in the U.S. Healthcare Industry,” says Ken Vander Wal, Chief Compliance Officer at HITRUST. “We have been reviewing and revising a number of policies and procedures around the CSF Assurance program, as well as augmenting our own capabilities and streamlining the process,” said Vander Wal.

It is safe to say that healthcare organizations are recognizing the rise in cyber threats and the significant role played by their business associates. “The CSF Certification establishes effective security and improves privacy practices aligned with the requirements of the health industry. We believe ControlCase CaaS will be the ideal platform for helping clients effectively manage their compliance as well as that of their business associates who are now subject to CSF Certification,” said Brody.

ControlCase is an approved HITRUST CSF Assessor providing a cost-effective solution to help organizations assess themselves against HITRUST CSF.

For more information on ControlCase CaaS for HITRUST CSF Assurance Program, please contact Kimberly Simon at ksimon@controlcase.com

About ControlCase
ControlCase is a global provider of Compliance as a Service (CaaS), Enterprise Software and Services. Our offerings enable clients to effectively manage their IT Governance, Risk Management and Compliance Management (IT GRCM or GRC) efforts.
Headquartered in the United States, with locations in North America, Europe, Asia Pacific and the Middle East, ControlCase focuses on providing and developing services, software products, hardware appliances and managed solutions that focus on compliance regulations and standards, including PCI DSS, SOC1, SOC2, SSAE16, PIPEDA, ISO 27001/2, FERC/NERC, Sarbanes Oxley (SOX), GLBA, HIPAA/HITRUST, CoBIT, BITS FISAP SIG/AUP and EI3PA.

For more information, please visit the company website at www.controlcase.com


About HITRUST
Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST - in collaboration with public and private healthcare technology, privacy and information security leaders - has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.

HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber Information Sharing and Analysis Organization (ISAO) and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry. For more information, visit http://www.HITRUSTalliance.net.