Synthesizing the tenets of the National Institute of Standards and Technology (NIST) is the sixth post in our “compliance - why and how” series.
Regulatory compliance typically presents a complex problem requiring an even more complex solution. By synthesizing the tenets of NIST, one should be capable of producing a process, or series of processes and activities that will guide the user to compliance.
Begin your Assessment Process using these simple steps:
1. Conduct interviews, complete questionnaires and review procedure and policy documents
2. Determine degree of perceived compliance to regulatory rules
3. Perform physical review of activities to assess actual level of compliance
4. Create Current State Report
5. Compare current state to regulatory standards
6. Generate specific Gap Analysis and Risk Management Report
7. Define interventions
8. Monitor compliance progress
Once the standards are written into the policies and procedures, one must provide access to the highest-quality learning that can be tailored to individual needs and delivered cost-effectively, anytime and anywhere. This is accomplished using a Sharable Content Object Reference Model (SCORM) compliant training system. SCORM is produced by ADL, (a research group) sponsored the United States Department of Defense (DOD). Big new terms, I know. But let’s keep it simple!
Our goal is to help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliancy.
DTS InfoTech is committed to helping organizations understand and manage federal mandates like HIPAA Compliance. A simple web-interface provides access to our program from anywhere in the world. This affords you the opportunity to manage your compliance effort without the physical restrictions of operating system-based software. Also, your organization can run multiple facilities and multiple regulations within a single infrastructure. This thought process will lessen the complexities of becoming compliant, manage the process of assessment, and educate employees for minimal cost.
In selecting such a tool it is important to pick a solution that has a variety of features built into the product to help facilitate compliance management and assessment. All features should be setup in a logical, step-by-step manner, taking you from assessment to remediation in both a clear and concise way. In addition, the product should keep you up-to-date on the regulation changes. No longer are spreadsheets and file folders able to suffice in creating and maintaining a successful and diligent compliance plan.
Your Assessment Process is easy using our web based compliance tracking software and these simple steps:
1. Setup the program activity account; conduct interviews; post procedure and policy documents; complete questionnaires
2. Compare procedure and policies to rules and link to the program database
3. Establish your Gap Database
4. Conduct and evaluate security scans; identify vulnerabilities; post to your database
5. Assess overall compliance standards
6. Generate a specific Gap Analysis and Risk Management Plan
7. Define specific interventions
8. Monitor compliance progress
Severities of gaps vary from entity to entity, but common links include lack of adequate policies and procedures, overall employee training and awareness, and insufficient network security to safeguard data.
Our web based compliance tracking software is easy-to-use.
It provides templates to draft compliant policies and procedures used to manage all documents with regards to storage and version control. Our web based compliance tracking software also provides training and policy attestation through a learning content management system.
In our next post we’ll discuss the application of Risk Analysis.
DTS InfoTech Can Help
Regulatory compliance is the law, but many health care providers are not HIPAA Compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliancy using our web based compliance tracking software.
For more information: www.dtsinfotech.com/hipaa-compliance-for-small-health-care-practices-2/
Dedicated to your success,
General Manager and Compliance Officer
dts|infotech . . . computer networks that work