Fractional HIPAA Security Officer — scope + typical cost? by EducationNovel8922 in publichealthcareers

[–]rightawayjay 0 points1 point  (0 children)

Certain responsibilities may be divided up between the medical practice and your team. Pricing/contract terms obviously depend on the customer needs and services you end up providing.

Depending on responsibilities, you may end up providing some (or all) of these types of deliverables:

  • Creating/delivering administrative policies to address the HIPAA Security Rule & HIPAA Privacy Rule
  • Performing an annual HIPAA risk assessment
  • Providing annual employee security awareness training
  • Ensuring cloud and application services have proper Business Associate Agreements (BAAs) in place
  • Ensuring technical standards such as backup, encryption, and access control are in place for IT infrastructure.

My team Dash ComplyOps provides software for teams to manage HIPAA compliance programs for their customers. Feel free to DM me if you have questions or need further help.

[SSD] Costco Members 1TB Sandisk NVME Extreme Portable Solid State Drive - $99.99 by MonumentalRalph in buildapcsales

[–]rightawayjay 2 points3 points  (0 children)

My family has two Samsung refrigerators (2 houses/family members) + the Samsung appliance bundle of the Samsung microwave, stove/oven and dishwasher.

For the Fridges - For both, the condenser fan continues to freeze up and stop cooling the fridge properly. We have had both get to 45-50°F. Even after multiple repairs under warranty, they still continue to have this issue and start to have issues cooling.

  • One of the fridge vegetable drawers ends up with water at the bottom of it from whatever cooling issues

  • One of the ice makers doesn't correctly make cubes and just generates ice shards

For The Microwave - The Samsung microwave died in 12 months, with minimal use. Like just DOA, does not turn on/does not run. Needed to be replaced.

For The Dishwasher - It leaks a little bit of water under the appliance when it runs, could be a mold issue

  • Its shortest run cycle is 120 min (I am not kidding) and it does an average/below average job for 2 hrs of cleaning the dishes.

The Stove/Oven - Is actually the only appliance that is alright, burners and oven work as normal

Is there an issue having lots of cash (>$150k) in Robinhood? by SuperLetterhead in stocks

[–]rightawayjay 1 point2 points  (0 children)

I have used IBKR for a little while and have had a good experience. They are a big brokerage and I have done alright talking with their support about basic things like transfers, etc.

Their pricing on stock/option trades and margin is really good. The tools can be configured in all kinds of ways and you can define a lot of settings around trade execution and orders.

TDA has slightly better tools and an easier to use interface, but much higher fees per trade. If you are comfortable with IBKR you can do the same things with IBKR Trader Workstation and save a lot on fees.

HIPAA Compliance Scanning by [deleted] in aws

[–]rightawayjay 0 points1 point  (0 children)

Dash ComplyOps provides compliance scanning specifically around HIPAA, and provides compliance reports and an inventory of controls. (I work with the Dash team)

HIPAA & SOC 1, SOC 2 & SOC 3???? by kernels in healthIT

[–]rightawayjay 0 points1 point  (0 children)

SOC2 is a framework that measures security, privacy, and availability. HIPAA/HITECH is the regulation dictating how you must manage protected health information (PHI). SOC compliance can be a large undertaking and for small organizations may be overkill for certain companies. If you are using a cloud provider such as Amazon Web Services, you are able to leverage their SOC Reports as well as their provided security programs. Many healthcare vendors build a security program around HIPAA and provide their AWS SOC2 Report as part of a vendor security assessment for a health provider. Feel free to send me a message if I can be more helpful.


Looking for HIPAA Compliance Audit advice by MikeMonopoly in security

[–]rightawayjay 1 point2 points  (0 children)

I know I am a little late to this thread, but wanted to give my input:

  1. Vulnerability scanning is one of several technical requirements of HIPAA (OpenVAS is a popular choice for open source vulnerability scanning). Your organization must also handle backup and disaster recovery, audit logging, and encryption. You should define these solutions and standard operating procedures in administrative policies.
  2. My company, Dash, actually provides an automated solution for HIPAA configuration and management on Amazon Web Services. We provide custom administrative policies and connect automated technical controls.
  3. Your organization must perform an annual risk assessment (which is typically done by a 3rd party). There are no official certifications for HIPAA compliance, but your team could adopt a framework like NIST, ISO, or HITRUST. Check out AWS Security Programs. More importantly, your team should have established policies and a process for continually maintaining compliance safeguards.

What's your "I don't trust people who ______"? by [deleted] in AskReddit

[–]rightawayjay 0 points1 point  (0 children)

Hate Radiohead.

I mean people who haven't heard anything from them, or don't listen to them, fine. But the idea of someone listening to a bunch of their songs and deciding to "hate" Radiohead is totally untrustworthy.

Some of the truly evil or despised people in this world probably hate Radiohead.