Compliance News - page 4

HITRUST Implementation of NIST CSF

HITRUST announces a pre-conference topic, "Implementation of the NIST Cybersecurity Framework with the HITRUST Approach". Why is HITRUST marketing the NIST CSF, and what is their "HITRUST approach"?

Posted February 26, 2019 by Jack Anderson

Automated Quarterly Risk Assessments

Editing, adopting, and implementing NIST policies creates quarterly NIST CSF risk assessments in the Jumpstart program.

Posted February 21, 2019 by Jack Anderson

NIST CSF Risk Assessment: Not Reasonable or Appropriate

Identifying Safeguards that are Not Reasonable or Appropriate for your organization can Jumpstart the NIST CSF Risk Assessment process.

Posted February 12, 2019 by Jack Anderson

NIST Safeguard For HIPAA Compliance

Example of NIST CSF Safeguard: AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES

The group writes a security awareness and training policy. The policy will be given to all affected personnel and will be reviewed and updated several times a year. The security awareness and training policy states the purpose for the training, who will carry it out, and what their jobs will entail. The group writes procedures that state how the policy will be carried out. The security awareness and training policy and procedures comply with all laws and rules applicable to the group.

Posted February 5, 2019 by Jack Anderson

NIST Safeguard Definition

SAFEGUARDS Definition(s): The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Source(s): CNSSI 4009-2015

Posted January 29, 2019 by Jack Anderson

What is a NIST HIPAA Policy?

A NIST HIPAA policy is a policy written specifically to meet the requirements of a NIST Safeguard. Adopting and implementing the policy results in a higher score on the NIST CSF risk assessment, the new standard for HIPAA compliance.

Posted January 16, 2019 by Jack Anderson

Athenahealth Accepts Our Client as HIPAA Compliant

Athenahealth approved HIPAA Risk Advisor's report stating that Patient Education Genius is HIPAA compliant. Patient Education Genius achieved this in 20 days at a cost of less than $1,000 using the Jumpstart program from Compliance Helper and ACR2 Solutions.

Posted September 25, 2018 by Jack Anderson

Who is Causing your HIPAA Pain?

Someone is causing you HIPAA pain. It might be a client, business partner, new CISO, regulator or board of directors, but someone is demanding proof of HIPAA compliance. The challenge is finding some acceptable proof and we suggest that a HIPAA NIST CSF Risk Assessment is the answer.

Posted September 6, 2018 by Jack Anderson

NIST CSF Industry Standard for HIPAA

We still don't have a certification process for HIPAA but with the NIST CSF we have a standard that is accepted by HHS. Upgrading to the NIST CSF brings your HIPAA compliance program up to the standards in 2018. This is needed in addition to saving your previous compliance efforts such as policies, staff training and risk assessments done in a non-standard format.

Posted September 5, 2018 by Jack Anderson

Why HITRUST CSF needs NIST CSF

Why do you need NIST CSF even if you already have HITRUST CSF? Management and the board of directors may require NIST CSF.

Posted August 16, 2018 by Jack Anderson