How to Be HIPAA Compliant

The Office of Civil Rights is conducting random HIPAA audits. The fines can be significant, and the consequences of a bad audit can be career-altering at every level in the organization.

HIPAA doesn’t actually define a threshold where you are suddenly compliant. While some third parties claim to certify you, the Office of Civil Rights (OCR) doesn’t recognize any certification and may still find you lacking.

What should you do? Exercise due diligence by continuously assessing and mitigating cyber risk. By demonstrating the measures you have taken to protect critical data, you can confidently assert that you’ve achieved compliance during your HIPAA audit.

Security Rule Compliance Software

Cybernance’s CMOM platform provides automated assessment and monitoring to see how well your organization stacks up against HIPAA, NIST, and even C2M2. The NIST Cybersecurity Framework is recognized as the “gold standard” for cyber risk maturity. The Cybersecurity Capability Maturity Model, or C2M2, assesses over 300 controls and relates them with the NIST Framework’s three dimensions.

Cybernance’s cybersecurity governance platform fully supports the recently announced HIPAA Security Rule Crosswalk. Translation: you can conduct a single, automated assessment that compares your organization against both NIST and HIPAA.

Who Needs HIPAA and NIST Compliance?

If you’re employed by a firm with HIPAA liability – whether you’re on the board, the CEO, an internal auditor, a CISO, a CIO, or a HIPAA consultant – you are at risk in the event of a bad audit.

In the event of an actual breach – now considered highly likely for every organization at some point – the stakes increase dramatically. Starting at the top, the SEC has stated its intent to hold corporate directors personally liable for a breach if they haven’t been engaged in cyber risk oversight.

The Cybergovernance Maturity Oversight Model (CMOM)

The Cybergovernance Maturity Oversight Model (CMOM) presents cyber risk in an intuitive, high-level view designed for board-level communication.

Full Support for the Security Rule

The HIPAA Security Rule Crosswalk maps each administrative, physical and technical safeguard standard and implementation specification in the HIPAA Security Rule to a relevant NIST Cybersecurity Framework subcategory. Enabling directors to oversee cyber risk mitigation requires bridging the communication gap between them, the CEO, the security staff, and vendors who implement cybersecurity measures.

The CMOM (Cybergovernance Maturity Oversight Model) Governance Console highlights how an organization rates versus the NIST and C2M2 standards. Integrating the HIPAA Security Rule Crosswalk adds compliance with healthcare standards as well.

If you’re interested in learning how you can prepare for a HIPAA Security Rule audit, fill out the form below.
