NIST CSF Industry Standard for HIPAA

September 5, 2018

We still don’t have a certification process for HIPAA, but with the NIST CSF we have a standard that is accepted by HHS.

NIST CSF is the new standard for HIPAA compliance in 2018, but you need to keep all of the documents from your earlier HIPAA compliance efforts for six years. NIST CSF will lead you into the future while your documentation of historical compliance efforts will protect your past.

In our Jumpstart program, clients begin a process of editing new NIST policies, enrolling staff in on-line security awareness training, and receiving quarterly NIST CSF risk assessments. With their old policies as proof of previous efforts, they can proceed with monthly tasks that will move them onto the NIST policies at a brisk but reasonable pace.

However, if they have outside pressure from a client or a regulator, they can accelerate the process. A typical client would take six months to complete the editing process and receive an exemplary risk assessment; however, we have had clients that completed this process in a few weeks. We had a client that needed a risk assessment with all safeguards “in the green” in order to receive a multimillion-dollar investment. Working together, we delivered it in under two weeks.

Jumpstart is a unique program developed to expedite the process of upgrading to the NIST CSF for HIPAA. Let me know if you would like a demonstration.

Jack Anderson, jack@compliancehelper.com

