The American Institute of CPAs has created an
Developed in collaboration with the Health Information Trust Alliance, the new illustrative report incorporates criteria from the HITrust Common Security Framework and will help CPAs report on the suitability of the design and the operating effectiveness of the controls needed to meet the applicable trust services criteria and the HITrust CSF requirements.
“This means health care information providers can more easily expand their SOC 2 reports to include controls relevant to a wide array of regulations, standards, best practices and other information protection requirements,” said AICPA senior vice president for public practice and global alliances Susan Coffey in a statement.
An AICPA working group also developed
“Together, these new tools will enable practitioners who perform these engagements to streamline testing and reporting on controls based on both sets of criteria,” according to Coffey. “It is an excellent example of how SOC 2 reporting can be adapted and applied for use by a variety of industry groups.”
HITrust established the Common Security Framework for use by organizations that create, access, store or exchange personal health and financial information to enable service organizations to communicate information about the processes and procedures they use to meet the HITrust CSF requirements in addition to the applicable trust services criteria relevant to security, availability and confidentiality.