When it comes to HIPAA compliance, senior executives and compliance professionals are always looking to address a few fundamental questions:
- How do we know that our organization, be it a covered entity or a business associate, has implemented a HIPAA compliance program that is credible?
- How can we be assured that the HIPAA compliance program is not just paper-ready, but evidence-based?
- Is our HIPAA program audit-ready at all times?
Organizations should examine the NIST CsF standard. HIPAA points to NIST in several areas.
The NIST CsF framework is a complete, end-to-end standard with which organizations can confidently align their HIPAA compliance program. The latest update to the standard is NIST CsF v1.1. My advice: every compliance professional and every security professional must be intimately familiar with the NIST CsF standard, and every organization, small or large, provider, payer, or business associate, should look closely at aligning its HIPAA compliance program with NIST CsF.
Organizations have the option to go further and pursue NIST CsF certification, which can be achieved by meeting the requirements of the HITRUST CSF standard.
Have you scheduled your 2019 HIPAA and cybersecurity assessment? Ensure that the assessment includes a mapping to NIST CsF. Discuss more with Ali directly at Ali.Pabrai@ecfirst.com. Control your excitement!
Date: May 07, 2019