Now, that was easy.
If compliance is anything, it is the management of the processes that are defined to address the compliance rules. If there is no real management, then there will be no real compliance. Period.
Step 2 is genuinely authorizing a HIPAA Security Official within your organization and committing the time and resources necessary for success. When this is done properly, you will have already addressed 164.308(a)(2) of the Security Rule.
Don't kid yourself about it. This is probably the biggest reason you're not compliant today.
Will your organization authorize a genuine HIPAA Security Official?