Sword & Shield Recognized as a HITRUST CSF Assessor
KNOXVILLE, TN – Sword & Shield Enterprise Security, Inc., a Knoxville, TN-based IT security company, today announced it has been designated as a HITRUST CSF Assessor by the Health Information Trust Alliance (HITRUST). Sword & Shield is one of only a select few companies nationwide to achieve Common Security Framework (CSF) Assessor recognition.
The HITRUST CSF is the first information technology security control framework developed explicitly for the protection of healthcare information. CSF Assessors are organizations approved by HITRUST to perform assessment and/or certification services associated with the CSF, including services delivered through the CSF Assurance program. In becoming a CSF Assessor, organizations must go through a rigorous due diligence process and demonstrate that they have a strong information security practice and leadership, experience delivering information security solutions to healthcare organizations, and a dedicated group of practitioners that can deliver CSF-related services to organizations.
“We are pleased to announce the designation as a HITRUST CSF Assessor. With the HITRUST approach, risk management and compliance are addressed within the context of the specifics of the healthcare industry,” said Sword & Shield President and CEO John McNeely. “This comprehensive and unique security framework provides a very effective way of dealing with security risks and in meeting regulatory requirements such as HIPAA and the HITECH Act.”
With this designation, Sword & Shield can better serve the growing demand from healthcare organizations for assurance that their clients’ private healthcare information is safe amid heightened concern over security breaches. It also affirms Sword & Shield’s commitment to assist healthcare organizations with cost-effectively assessing and mitigating risks associated with protecting electronic health information from those with intent to do harm. Our Risk & Compliance Shield™ uses a risk-based approach and a smart web-based portal to help organizations comply with, and track compliance with, federal, state and industry regulations and more securely protect Electronic Private Health Information (ePHI). Central to the Risk & Compliance Shield™ service is the CSF.
“HITRUST welcomes Sword & Shield as a CSF Assessor at a time when we are seeing increasing adoption of the CSF and participation in the CSF Assurance program,” said Daniel Nutkis, Chief Executive Officer, HITRUST. “As more healthcare organizations require their business partners to receive a CSF assessment, we are seeing greater demand for experienced resources to provide assistance with the assessment process. CSF Assessors such as Sword & Shield are uniquely qualified to provide this assistance.”
According to an RSA White Paper, Cybercrime in the Healthcare Industry, healthcare organizations are increasingly attracting cybercriminals.
“As evidence of this nearly one out of every six data breaches that occurred in 2009 was targeted at the healthcare industry, according to the Open Security Foundation” and will grow for numerous reasons, the paper reports. “For one, it pays. The World Privacy Forum has reported that the street cost for stolen medical information is $50, versus $1 for a stolen Social Security number. The average payout for a medical identity theft is $20,000, compared to $2,000 for a regular identity theft. Second, it is harder to detect. Medical information fraud takes more than twice as long to identify as compared to regular identity theft. Simply put, victims can close a compromised bank account, but they can’t delete or change their personal information, medical records or history of prescription use.”
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains incentives related to healthcare information technology in general and contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among healthcare providers. These funds are commonly referred to as Meaningful Use funds by the healthcare industry.
Today, cybercrime targeted at the healthcare industry is in its infancy. As more and more patient data is converted to electronic form, the risks associated with the security and privacy of the patient record increase exponentially.