KraftCPAs has earned the designation of HITRUST CSF Assessor through the Health Information Trust Alliance (HITRUST). With this achievement, KraftCPAs is now approved to provide services using the HITRUST CSF, a comprehensive security framework that addresses the multitude of security, privacy and regulatory challenges facing healthcare organizations in order to comply with healthcare (HIPAA, HITECH), third-party (PCI, COBIT) and government (NIST, FTC) regulations and standards. KraftCPAs is one of approximately 10 HITRUST CSF Assessors in Tennessee.
“The HITRUST CSF Assessor designation complements the comprehensive range of services our healthcare industry team currently provides various healthcare providers, institutional healthcare facilities and their vendors who must also safeguard patient information,” explained Gina Pruitt, the member-in-charge of the risk assurance & advisory services practice at KraftCPAs.
CSF Assessors like KraftCPAs are critical to helping uphold information security and privacy standards for the healthcare industry. They represent a core component of the HITRUST CSF program by providing trained resources to healthcare organizations of varying size and complexity in order to assess compliance with security control requirements and document corrective action (remediation) plans that align with the CSF.
“We’re happy that our risk assurance team has achieved this designation,” said Scott Mertie, president of Kraft Healthcare Consulting, LLC. “It’s a testament to their sophisticated level of information security expertise in the highly regulated industry we serve.”
For a firm to become a HITRUST CSF Assessor, it must have a minimum of five HITRUST Certified CSF Practitioners (CCSFP). To qualify for this certification, each person must have at least two years of experience in both healthcare and information security prior to beginning the application process. Then they complete six to 10 hours of guided self-study and approximately 20 hours of face-to-face training before sitting for a two-hour exam. To maintain the certification, the professionals must also participate in ongoing training and recertify every two years. KraftCPAs, as a HITRUST CSF Assessor, was also required to develop and implement various organizational quality assurance procedures.
“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive health information is accessed or stored in a cloud environment,” said Ken Vander Wal, Chief Compliance Officer of HITRUST. “We are pleased that KraftCPAs has taken the steps necessary to become a designated HITRUST CSF Assessor, and we expect their clients to have confidence in this designation.”