By Jack Anderson
January 24, 2017
Many years ago we registered the trademark Compliance Meter® because we saw that organizations needed some way of knowing where they stood on HIPAA compliance. Now with HIPAAssess™ we are acknowledging that you will need a more granular view of your compliance to satisfy regulators, business partners, and clients.
While useful, a HIPAA checklist, an internal risk assessment, or a risk assessment done by a local consultant won’t meet the test. The gold standard of HIPAA risk assessments (HRA) is the NIST methodology. This is the only standard HHS mentions and the one on which most auditors are trained.
What do we mean by up to date? All HHS says is that you should do an HRA “periodically” or whenever there has been a major change in your business such as new software, an acquisition, new products or services, or anything else that might increase your risk.
There are two major approaches to an HRA: a one-time event, or a tool that can be used as needed. A small organization with little or no change is probably OK with an annual HRA. An on-line service such as HIPAAssess can be structured for either model. In the event model, information is collected by a Helper and entered into the tool. A batch of reports is created, including a risk assessment graph and a gap analysis. This set of reports meets all of the requirements for an HRA.
If the tool model is chosen, a staff member or outside consultant is trained on the use of the tool and can create and update the HRA as needed. Other requirements such as Meaningful Use (MU) may require quarterly risk assessments. This makes the on-line tool a better deal.
Costs start as low as $495 for a small organization getting a single HRA. The tool price starts at $995 per year.
For more information go to www.compliancehelper.com/HIPAAssess or email me at Jack@compliancehelper.com.