[ Tuesday, December 15, 2009 ]


Keeping Up with HIPAA: How do you know that you're current with your HIPAA risk assessments? We've got a new law that will be enforceable in a couple of months, with very few regulations. Neither the law nor the regulations will say what specific steps, processes, programs or hardware you might need. How do you know that you've done enough to be compliant?

There's no good answer to that question, other than Justice Stevens' "know it when you see it" standard. HIPAA isn't specific with regard to technology or process; rather, it's "scalable." That's both a feature and a bug: it allows the market and industry to adapt and develop best solutions, but it also prevents individual participants from knowing with certainty that they've met the minimum requirement.

Ultimately, you've got to work hard enough and make good enough decisions. Consult with the right people within and outside your organization; know where you are, what you've got, and where you need to go; and go there. Security is a process, not a place.

Jeff [10:38 AM]

