HIPAA HITECH Compliance News

Who is Causing your HIPAA Pain?

Someone is causing you HIPAA pain. It might be a client, business partner, new CISO, regulator or board of directors, but someone is demanding proof of HIPAA compliance. The challenge is finding some acceptable proof, and we suggest that a HIPAA NIST CSF Risk Assessment is the answer.



NIST CSF Industry Standard for HIPAA

We still don't have a certification process for HIPAA, but with the NIST CSF we have a standard that is accepted by HHS. Upgrading to the NIST CSF brings your HIPAA compliance program up to the standards in 2018. This is needed in addition to saving your previous compliance efforts such as policies, staff training and risk assessments done in a non-standard format.



Why do you need NIST CSF even if you already have HITRUST CSF?  Management and the board of directors may require NIST CSF.


Simple HIPAA Checklist

The simplest HIPAA checklist is a quarterly NIST CSF risk assessment.  It reflects that you have edited and implemented NIST policies, documented staff training and updated your NIST CSF risk assessment.


NIST Policies

Trying to do an official certified NIST risk assessment from HIPAA policies written in the past is like translating hieroglyphics into English. The pathway to a Certified NIST Risk Assessment is having NIST policies in place. A NIST policy is one written to address a specific safeguard on the NIST Cybersecurity Framework (CSF).

