The simplest HIPAA checklist is a quarterly NIST CSF risk assessment. It reflects that you have edited and implemented NIST policies, documented staff training and updated your NIST CSF risk assessment.
Posted July 31, 2018 by Jack Anderson
Trying to do an official certified NIST risk assessment from HIPAA policies written in the past is like translating hieroglyphics into English. The pathway to a Certified NIST Risk Assessment is having NIST policies in place. A NIST policy is one written to address a specific safeguard on the NIST CyberSecurity Framework (CSF).
Posted April 24, 2018 by Jack Anderson
A certified NIST risk assessment is your best proof of HIPAA compliance. Jumpstart delivers a quarterly certified NIST risk assessment.
Posted April 6, 2018 by Jack Anderson
A NIST CSF is a National Institute of Standards and Technology Cyber Security Framework which can deliver an equivalent to "HIPAA Certification". By meeting the standards including periodic risk assessments you can provide proof that you are doing all that is needed to protect PHI.
Posted March 20, 2018 by Jack Anderson
A risk assessment on the NIST CyberSecurity Framework (CSF) is your "certification" of HIPAA compliance. It demonstrates the status of your security and privacy programs to others such as regulators, customers, partners, and shareholders.
Posted March 7, 2018 by Jack Anderson
The NIST Framework works best when linked with NIST Policies and a cycle of reviewing and updating policies to match changes in the organization. We call this the Cycle of Compliance.
Posted December 19, 2017 by Jack Anderson
HIPAA policies need to be built on a Cyber Security Framework (CSF) to be valid. Old policies written by consultants, lawyers, in-house IT, or bought off the internet do not meet the new CSF standards.
Posted December 11, 2017 by Jack Anderson
The NIST Framework is the gold standard of HIPAA compliance and Jumpstart can get you up and running in 72 hours at a very low cost.
Posted November 29, 2017 by Jack Anderson
Audit Finds Millions Paid Inappropriately Due to Lack of a Risk Assessment. Under the HITECH Act meaningful use incentive program, conducting a security risk assessment of protected health information "created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities" is a core requirement.
Posted June 14, 2017 by Jack Anderson
A ransomware attack can trigger a series of bad events leading to a huge HIPAA fine. The slippery slope: Ransomware attack is a HIPAA breach, which when reported triggers an audit, that discovers a lack of an up to date risk assessment, which leads to a fine for willful neglect.
Posted May 16, 2017 by Jack Anderson