A business model for HIPAA consulting services
My husband and I are trainers for Microsoft and Cisco certification programs. Unfortunatly, the training market has been really slow, and we have been looking into offering consulting services. We would like to specialize in HIPAA and health care issues. However, I am at a loss on how to put together a business model as a specialist to address the needs of the client. I read your chapter, and you were correct that there is no clear procedural step to follow to offer HIPAA solutions. We need to put this model together in order to proceed forward. Do you have any suggestions of resources that can help us achieve this?
There are already a few vendor-specific HIPAA training programs as well as the CHP, CHS and CHPS certifications from HIMSS and AHIMA. (Visit this Web site for more information. The HIMSS/AHIMA certs, given their vendor neutrality, appear to be good models even though they're not HIPAA specific. The HIPAA Security Rule is all about information security best practices. So, if you can learn all you can about the HIPAA and the security rule, and integrate well-known security standards from ISO/IEC, NIST, etc. you'll be well on your way.
For more info on this topic, check out these SearchSecurity.com resources:Archived Featured Topic: HIPAA: After the privacy deadline
Ask the Expert: Recommendations for security solutions meeting HIPAA requirements
Ask the Expert: HIPAA requirements for Canadian companies
This was first published in August 2003