HIPAA Blog Posts: HIPAA Compliant Checklist
Trying to do an official certified NIST risk assessment from HIPAA policies written in the past is like translating hieroglyphics into English. The pathway to a Certified NIST Risk Assessment is having NIST policies in place. A NIST policy is one written to address a specific safeguard on the NIST CyberSecurity Framework (CSF).
To get HIPAA compliant in three days and prove it, you need: a risk assessment, updated policies, and documented staff training, which can be done with the investment of a few hundred dollars and a few hours over three days.
If you want the quickest test of whether your organization is HIPAA compliant, check for the three legs of the stool: a risk assessment, updated policies and procedures, and staff training on the updated policies and procedures.
HHS has repeatedly emphasized that HIPAA compliance is a process, not an event, but what is the basic process? We call this the Cycle of Compliance, and the basic elements are an initial risk assessment, risk remediation, training and awareness, and then another risk assessment to measure your progress.
If you store, access, transfer or create PHI, you are a target. “Hackers target health care as industry goes digital” (PC World), “Anthem hack: 'Healthcare is a target'” (Healthcare IT News), “Why Hackers are Targeting The Medical Sector” (Washington Post).
Many small companies avoid a HIPAA risk assessment because they think it is too difficult, too expensive, and will reveal their non-compliance. The key is to use an online system that allows you to measure, remediate, and measure again so that you can show progress, not perfection.
HIPAA compliance is the industry standard. Your patient medical data, or EPHI, is worth around $100 per record on the black market. According to the New York Times article "Need Some Espionage Done? Hackers Are for Hire Online", criminals don't need hacking skills; they can simply hire someone to hack your database.
A HIPAA checklist such as the one we offer for free on our website at www.compliancehelper.com is a useful tool for getting a snapshot view of your HIPAA compliance, but it does not assure your ongoing compliance like our Compliance Meter® does. The Compliance Meter® is your assurance that your organization is HIPAA compliant on an ongoing basis and that you can prove it. Thus our new product name, HIPAAssure™, for which we have applied for a registered trademark, is symbolic of our commitment to ongoing compliance.