Friday, November 18, 2011

HIPPA Audits and Compliance

Alan Heyman, Managing Director of Cyber Security Auditors & Administrators LLC (CSA2) was contacted and quoted recently, because of his expertise in working with companies to help them determine their risk quotient. 

Automating HIPAA Compliance Tracking and Audit Preparation

The article is a quick read, but reading between the lines may take a bit longer.  Alan is of course talking about a Written Information Security Program (WISP) plan and a WISP-Vault which is a highly secured storage facility to keep the plan safe. 

There has never been a perfect mouse trap and the mice keep getting smarter.  You cannot engineer a perfectly secure environment when humans are involved.  A WISP plan is more than a fancy binder filled with out-of-date information sitting on a shelf in someone’s office collecting dust.  It is a process, not an event.  A real WISP plan is a living breathing environment which is kept up to date with the changes in your business.

Think of a WISP plan as a fire drill for data breaches.  You plan, prepare, and practice over and over so that in the case there is a data breach everyone stays calm and you implement the right corrective action in a timely manner.

You cannot keep the auditors away, but you can be prepared.  A working WISP plan creates a defensible position that will protect you and your business.  The preventative medicine might taste a little bitter, but is a lot less painful than cure.  You know the saying Ben Franklin made famous: “An ounce of prevention is worth a pound of cure”.  Ben made this observation long before there were computers or HIPPA concerns.

Every business has its own risk assessment and the solution is based on potential exposure.  You would prepare your home if you knew a storm was coming, so why not do the same with your business.  Start now by contacting us to see how we can help. 

Dolvin Consulting works with organizations that are worried about lawsuits related to the theft of personal information and are concerned about the loss of customers related to a data breach.

No comments:

Post a Comment