Compliance News - page 5

Certified NIST Risk Assessment for HIPAA compliance

A certified NIST risk assessment is your best proof of HIPAA compliance. Jumpstart delivers a quarterly certified NIST risk assessment.

Posted April 6, 2018 by Jack Anderson

What is a NIST CSF and why should I care?

A NIST CSF is a National Institute of Standards and Technology Cyber Security Framework, which can deliver an equivalent to "HIPAA Certification". By meeting the standards, including periodic risk assessments, you can provide proof that you are doing all that is needed to protect PHI.

Posted March 20, 2018 by Jack Anderson

HIPAA Certificate: NIST CSF Risk Assessment

A risk assessment on the NIST CyberSecurity Framework (CSF) is your "certification" of HIPAA compliance. It demonstrates the status of your security and privacy programs to others such as regulators, customers, partners, and shareholders.

Posted March 7, 2018 by Jack Anderson

NIST CSF Risk Assessment Cycle

The NIST Framework works best when linked with NIST Policies and a cycle of reviewing and updating policies to match changes in the organization. We call this the Cycle of Compliance.

Posted December 19, 2017 by Jack Anderson

Your HIPAA Policies are Out of Date

HIPAA policies need to be built on a Cyber Security Framework (CSF) to be valid. Old policies written by consultants, lawyers, in-house IT, or bought off the internet do not meet the new CSF standards.

Posted December 11, 2017 by Jack Anderson

Jumpstart the NIST Framework

The NIST Framework is the gold standard of HIPAA compliance, and Jumpstart can get you up and running in 72 hours at a very low cost.

Posted November 29, 2017 by Jack Anderson

Lack of Risk Assessments Could Cost $729 Million

Audit Finds Millions Paid Inappropriately Due to Lack of a Risk Assessment. Under the HITECH Act meaningful use incentive program, conducting a security risk assessment of protected health information "created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities" is a core requirement.

Posted June 14, 2017 by Jack Anderson

Ransomware Attack is a HIPAA Breach

A ransomware attack can trigger a series of bad events leading to a huge HIPAA fine. The slippery slope: a ransomware attack is a HIPAA breach, which, when reported, triggers an audit that discovers a lack of an up-to-date risk assessment, which leads to a fine for willful neglect.

Posted May 16, 2017 by Jack Anderson

No HIPAA Risk Assessment? $400,000 Fine

Metro Community Provider Network received a $400,000 fine and a corrective action plan for failing to do a risk assessment prior to a phishing incident that exposed 3200 employee files. Doing the risk assessment a month after the breach didn't work.

Posted April 13, 2017 by Jack Anderson

Are You HIPAA Audit Ready Today?

A HIPAA breach caused by a ransomware attack on a solo physician practice proves that it can happen to anyone. Will the audit reveal that the practice was in HIPAA compliance or willful neglect?

Posted April 12, 2017 by Jack Anderson