As you probably already know, the 2003 Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires healthcare organizations to safeguard electronic protected health information (ePHI). And if you own, run, or work for a business in the healthcare industry, you likely understand the complexities and frustrations of trying to maintain data security and compliance with the HIPAA Security Rule. The number of threats, fines, and costs, along with the associated procedures, regulations, and “solutions”, grows nearly every day.
To add to the confusion, it seems like everyone and their mother claims to have an easy-to-follow recipe, off-the-shelf solution, or quick guide to HIPAA compliance and data breach protection success! Well, we can tell you firsthand that there are no quick and easy solutions to achieving and maintaining HIPAA compliance, but there are some premier FREE services that will help you get there. One free service, in particular, is invaluable: the U.S. Department of Homeland Security (DHS) National Cybersecurity Assessments and Technical Services (NCATS) team. The DHS NCATS team will conduct a whole host of cybersecurity threat assessments as well as an on-site visit, free of charge. These experts in the field of digital and internet security are at your disposal, and the comprehensive report findings remain confidential so that you can complete a comprehensive remediation action plan to address any negative findings. Scroll down to the section titled How Do I Request a Free Cybersecurity Risk Assessment? for details on how to start the process. For a list of other free resources, please visit and read our Resources page.
If you prefer completing a self-assessment, there is an excellent resource from Carnegie Mellon’s Software Engineering Institute titled Mapping the HIPAA Security Rule to the Cyber Resilience Review. The article explains in detail how the mapping works and how organizations can use the CRR alongside the HIPAA Security Rule. Keep in mind that the CRR self-assessment tool is very comprehensive and not for the faint of heart…
How Do I Request a Free Cybersecurity Risk Assessment?
The short and sweet answer: Send an email to ncats_info@hq.dhs.gov requesting a cybersecurity risk assessment.
The NCATS team will respond within 24 business hours assigning a ticket number to your request. The NCATS team response will include details on how to engage their team, a sample risk assessment report, and the rules of engagement.
If you would like help from our team in understanding how to navigate HIPAA compliance, protect against data breach, implement mobile device management, or install and use DriveStrike Remote Wipe and Data Breach Protection services, please send us an email at support@drivestrike.com. To sign up for DriveStrike, please select Sign Up from the menu; to learn more about DriveStrike pricing, select Pricing from the menu.