Baker Tilly Achieves HITRUST CSF Assessor Designation for Healthcare Organizations

Firm also can deliver integrated HITRUST/SOC 2 third-party assessments and assurance.

MILWAUKEE (September 13, 2016) – Nationally recognized accounting and advisory firm Baker Tilly Virchow Krause, LLP (Baker Tilly) today announced that it has been designated as a HITRUST CSF Assessor by the Health Information Trust Alliance (HITRUST).

With this designation, Baker Tilly is now approved to provide services using the HITRUST CSF, a comprehensive security framework intended to help healthcare organizations address  security, privacy and regulatory challenges facing healthcare organizations and to ensure compliance with healthcare (HIPAA, HITECH), third-party (SOC, PCI, COBIT) and government (NIST, FTC) regulations and standards.

“The healthcare industry faces a rapidly changing business, technology and regulatory environment, including internal and external risks and threats that could compromise sensitive and private information,” Tom Wojcinski, director of cybersecurity and technology risk at Baker Tilly, said. “The HITRUST CSF Assessor designation enhances our ability to help healthcare clients ensure data security and regulatory compliance so they can remain focused on mission-critical objectives.”

CSF Assessors serve an important role in helping maintain information security and privacy standards for the healthcare industry and the HITRUST CSF program. As a CSF Assessor, Baker Tilly will provide trained resources to healthcare organizations of varying size and complexity to help assess compliance with security control requirements and document corrective action plans that align with the CSF. Baker Tilly will provide assessment and remediation services to its clients.

"We are pleased to have Baker Tilly as a CSF Assessor to help healthcare organizations with the process of adopting and utilizing the CSF's requirements and give their customers confidence in the protection of their information," Ken Vander Wal, chief compliance officer, HITRUST, said. "The company’s long-standing expertise and leadership in health IT privacy and security solutions make it a perfect addition to our program.”

In addition, Baker Tilly can deliver integrated HITRUST/Service Organization Control 2 (SOC 2) third-party assessment and assurance reporting. The HITRUST/SOC 2 report allows a healthcare organization to provide assurance related to the operating effectiveness of its cybersecurity controls.

“Managing a healthcare entity in today’s evolving compliance environment is a challenging endeavor, made more complex and risky due to the amount and type of critical, sensitive and personal information that must be secured,” Mark Ross, Baker Tilly’s national firm leader in healthcare, said. “The HITRUST CSF Assessor designation further elevates our healthcare practice’s ability to assist healthcare organizations in safeguarding information while continuing to provide excellent patient care in the communities they serve.”

About Baker Tilly Virchow Krause, LLP (

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion. Visit or join the conversation on LinkedInFacebook and Twitter.