HIPAA Certificate: NIST CSF Risk Assessment

March 7, 2018

We have wrestled with the lack of a certification process for HIPAA for years. The NIST CSF is the best solution. It is a standard accepted throughout the healthcare industry as well as a path to total cybersecurity compliance.

It also has the advantage of being free since it was developed by the federal government. Compliance Helper and ACR2 solutions have worked together to develop “NIST Policies” that are built on the CSF and tie directly into the NIST CSF risk assessment. Editing and adopting a NIST policy such as AT-2 Security Awareness Training counts as meeting the AT-2 standard and increases the score on the risk assessment.

The Jumpstart program takes advantage of a policy called Not Reasonable and Appropriate (NRA) to simplify and accelerate getting an organization onto the NIST CSF. Health and Human Services has stated that an organization only needs to meet the standards that are reasonable and appropriate to their organization. HIPAA covers a wide range of organizations, from a sole proprietor taking health insurance applications to a multi-state hospital organization. Obviously, different standards should apply to these organizations.

The Jumpstart NRA method is based on data from hundreds of audits and identifies potential NRAs as a first step in the process. If the organization agrees, these standards (or policies) are inactivated. For a small organization that can mean as much as a 42% reduction in the number of standards they need to meet.

By editing and adopting a few more policies, training their staff with our on-line programs, and getting an updated risk assessment, they have achieved initial HIPAA compliance with just a few days of work.

By accomplishing a few monthly tasks, which include reviewing, editing, and adopting more policies, the organization can stay compliant and, with their quarterly risk assessments, be able to certify these results.

If you would like to receive a more detailed description of the Jumpstart process and NIST CSF, send me an email at Jack@compiancehelper.com.
