HIPAA for All
It is widely accepted that cybersecurity is a problem for organizations of all sizes and industries and, contrary to popular opinion, small businesses are equally or more susceptible to cyber-attacks. Small medical offices are a special case because of the sensitivity of the data they maintain and the regulatory compliance requirements imposed by HIPAA.
HIPAA legal compliance requirements provide little guidance on achieving adequate security, but enforce strict standards including Security Management, Information and Access Management, Access Control, Audit Control and Transmission Security. These protection standards align well with NIST or other cybersecurity frameworks, but need to be explained and scaled to the needs of the small office personnel who, as the appointed security officer, are responsible for addressing security.
Rather than continuing to implement security standards that drive blindly toward HIPAA compliance, we will develop a toolkit to help the small office achieve targeted security that addresses HIPAA and cybersecurity compliance from a risk management approach. The process will offer the small office manager, staff or doctor the ability to easily identify their assets, highlight critical assets, define their workflow, follow PHI through that workflow and use this to determine cybersecurity and privacy compliance requirements.