Only freelancers located in the U.S. may apply.
Our company is a laboratory analytics company that receives and analyzes patient laboratory data to support the physician's clinical decision-making process. We turn laboratory data into meaningful, graphical, interpretive reports that help both the physician and the patient: our electronic systems receive the patient data, analyze it, and generate a new report that is sent to the doctor. Our IT systems are all HIPAA compliant, but we need a fully documented risk assessment and policies and procedures in place, i.e. a complete data security program that complies with the HIPAA Security Rule, because as a company that handles protected health information (PHI) we are a business associate.
We only operate in the United States. The documented program needs to meet all requirements of the Security Rule, and the plan should map to, and leverage, the NIST Cybersecurity Framework and the newer NIST Digital Identity Guidelines. (Note about NIST: although every Security Rule administrative, physical, and technical safeguard maps to at least one NIST Cybersecurity Framework Subcategory, other Security Rule standards, such as the specific requirements for documentation and organization, do not. Therefore, our company (a HIPAA covered entity/business associate) should not rely entirely on the crosswalk attached here for compliance with the Security Rule, but it is an excellent starting point for whoever completes this task for us.)
The attached NIST document incorporates mappings of HIPAA Security Rule standards and implementation specifications to the applicable NIST Cybersecurity Framework Subcategories. These mappings are included in the "Relevant Control Mappings" column, which also includes mappings from other security frameworks. The other frameworks mapped to the NIST Cybersecurity Framework are: the Council on Cybersecurity Critical Security Controls (CCS CSC); Control Objectives for Information and Related Technology Edition 5 (COBIT 5); International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001; International Society of Automation (ISA) 62443; and National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4.
Please provide the total cost and timeline (500-1000 doctors and about 5-10k patient reports) for a complete risk assessment, all policies and procedures, and all internal documentation required by the HIPAA Security Rule and the NIST Cybersecurity Framework.
Hours to be determined
Project length: less than 1 month
I am willing to pay higher rates for the most experienced freelancers