• Leverages existing, globally recognized standards, including HIPAA, NIST, ISO, PCI, FTC and Cobit
• Scales according to type, size and complexity of an implementing organization
• Provides prescriptive requirements to ensure clarity
• Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds
• Allows for the adoption of alternate controls when necessary
• Evolves according to user input and changing conditions in the healthcare industry and regulatory environment

Fortrex is certified to conduct CSF assessments for healthcare organizations. The CSF assessment will help your organization:

• Meet your Phase 1 Meaningful Use Requirement
• Use findings from a single assessment to understand adherence to multiple compliance requirements (e.g. PCI-DSS, HIPAA, ISO 27002, etc.)
• Achieve increased insight into internal and third-party risks
• Reduce cost with and efficient approach for reporting compliance with internal stakeholders, HIPAA, HITECH, state, and business associates

As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. Fortrex CSF assessments fulfill HIPAA Security Rule § 164.308(a)(1)(ii)(A) and Centers for Medicare and Medicaid Services (CMS) Meaningful Use Stage 1 risk analysis requirements and provide actionable recommendations for treatment of risks and vulnerabilities to the confidentiality, integrity, and availability of Protected Health information (PHI).