Compliance can be tricky business. That’s why many experts agree that hospitals and health systems should undergo a risk assessment in order to ensure HIPAA compliance. This article from cio.com offers compelling reasons.

Whether your organization falls under HIPAA, FISMA or PCI DSS, you need to do a risk assessment. Yes, it’s a good thing to do a self-assessment, but in order to prepare for a full compliance audit, it’s important to get an independent outside consultant to perform this critical assessment.

I have worked in and audited many organizations that all too often wanted to do the minimum and were completely unaware of their full responsibility to meet their compliance. They also, in many cases, did not have the internal staff or expertise to do a high-quality assessment.

Get the full story at www.cio.com