Press Release

Coalfire Recognized as a HITRUST CSF Assessor for Healthcare Organizations

October 12, 2011

Leading IT GRC firm expands HIPAA-related services

Louisville, Colo. (Oct. 12, 2011) – Colorado-based Coalfire, an independent IT Governance, Risk and Compliance firm, today announced it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. With this achievement, Coalfire is now approved to deliver security risk assessments using the CSF, a comprehensive framework that consolidates and normalizes the existing security requirements for healthcare organizations.

The HITRUST CSF is the most widely adopted security framework in the healthcare industry, and HITRUST CSF Assessors are the only organizations approved by HITRUST to perform CSF-related services associated with the HITRUST CSF Assurance program. Coalfire is pleased to join this elite group of information security professionals, and applauds the work done to date by HITRUST to provide the healthcare industry with a compliance roadmap leading to independent certification.

As one of the nation’s leading independent IT GRC firms, Coalfire is well-qualified to help healthcare organizations (e.g., health plans, health care clearinghouses, health care providers, and their business associates) navigate the complexities of the data security and privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Over its 10-year history, the firm has completed hundreds of assessments for both Covered Entities and Business Associates.

Coalfire tailors each assessment based upon the unique compliance needs of each client and combines the HIPAA requirements with those of other requirements in scope, including industry best-practice standards. For example, healthcare clients increasingly draw up Coalfire’s strong heritage as a leading provider of Payment Card Industry (PCI) Data Security Standard (DSS) Reports on Compliance in tandem with HIPAA/HITECH security assessments. At the conclusion of the assessment, Coalfire provides a comprehensive report designed to give meaning to the data, including a detailed technical report, an executive summary for boardroom action and a full presentation on assessment findings.

“Healthcare organizations must deal with a labyrinth of federal, state, and industry data privacy and security regulations that are constantly evolving,” said Kerry Shackelford, Coalfire’s managing director of healthcare services. “Our goal is to help healthcare organizations meet compliance goals and protect sensitive patient and consumer data as efficiently as possible. As a HITRUST CSF Assessor, our expertise and unique qualifications have been recognized and we stand ready to help our healthcare industry clients assess and mitigate IT security risks.”

“By obtaining HITRUST CSF Assessor status, Coalfire is able to offer security and compliance services to help healthcare organizations develop compliance programs and assess their programs against the HITRUST CSF,” says Rick Dakin, CEO and senior security strategist of Coalfire. “Whether you are a small clinic that needs a meaningful use program or a large third party payer that wants to get on the path to becoming HITRUST CSF Certified, Coalfire has a program that both reduces compliance risk and drives towards that achievement. Invest in your security and compliance programs with the confidence that your trusted advisor is a HITRUST trained and certified professional.”

About Coalfire

Coalfire is a leading, independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York and Seattle and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire has developed a new generation of cloud-based IT GRC tools under the NavisTM brand that Coalfire clients use to efficiently manage IT controls and keep pace with rapidly changing regulations and best practices. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley and FISMA. For more information, visit