Information Security Services Widen at Ernst & Young
The Health Information Trust Alliance (HITRUST) has designated accounting and business consulting firm Ernst & Young as a Common Security Framework (CSF) Assessor, boosting the company’s information security services.
Ernst & Young, which expanded its IT services in April this year through the appointment of Mal Postings as its new Chief Technology Officer, can now help companies protect their data through the certification that has become a recognized standard for information security and privacy controls in the health care sector.
John Distefano, Ernst & Young LLP Advisory Services Health sector leader, said: “Companies in the health care sector have an immediate need to protect data and treat the risks associated with the adoption of electronic medical records, while simultaneously maintaining compliance with privacy and security laws and regulations. As a HITRUST CSF Assessor, we can help companies navigate the risks, seize opportunities and build long-term value.”
HITRUST had previously moved its focus to include cloud computing, data protection, health information exchanges (HIEs), mobile devices and authentication management, as well as federal and state regulations and security standards.
Ernst & Young said these technologies and regulations drive investments aiming to protect personal and company data in businesses. Specifically, they are said to be drivers of information security services in the health care sector.
The accounting firm said companies should ensure their information security protection strategies across enterprises meet clients’ current needs and foresee challenges in the future as privacy regulations continue to expand.
Ken Vander Wal, HITRUST chief compliance officer, said: “We are pleased to have Ernst & Young on board as a CSF Assessor to help health care organizations with the process of adopting the CSF’s requirements for protecting information. The organization’s alignment in IT Risk and health care advisory services make it a natural fit for our program.”
CSF Assessors see to it that health care organizations comply with information security requirements and document corrective action plans by providing resources to these organizations.
Organizations like Ernst & Young must first show strong information security practices, deliver information security solutions to health care organizations, and keep a group of certified CSF-related services providers before becoming CSF Assessors themselves.
Ernst & Young is authorized to perform compliance assessments and reporting using the CSF, which can be used in turn to support HIPAA, HITECH and other federal requirements under the US health care reform, including security risk analysis.
The accounting firm helps companies manage their information security risks and provides security programs through its Information Technology Risk and Assurance practice.
“The legal mandate to meet the new requirements presents opportunities to overhaul information technology infrastructure as well as significant risks and challenges to protecting personal and company data,” said Bernie Wedge, Americas Information Technology & Risk Assurance Leader at Ernst & Young LLP.