By Jack Anderson
April 6, 2018
Certification has always been the holy grail for HIPAA compliance, but like the holy grail it is elusive if not unobtainable. What you can achieve is a certified NIST risk assessment which is accepted as the gold standard for HIPAA compliance.
The first prerequisite for a certified NIST risk assessment is an NIST policy written specifically to match the NIST safeguard. Editing, adopting and implementing the policy satisfies the requirement and is recorded as a Yes in the risk assessment. If the policy is not reasonable or appropriate (NRA) to the organization it can be marked NRA with an explanation of why it is NRA. This will be scored as a Yes in the risk assessment.
In the Jumpstart program the user deals with editing and updating policies in the Compliance Helper portal. Scoring and updating the risk assessment happens in the background and the user receives a batch of certified NIST risk assessment reports on a quarterly basis.
For a free demonstration of Jumpstart, and how to get a Certified NIST Risk Assessment send me a request at jack@compliancehelper.com