Groundwork Technology Advisors

HIPAA is not a one-time project

Security and compliance

Organizations that treat HIPAA as a project with a start and end date tend to find themselves out of compliance within 18 months. Staff turns over, systems change, vendors are added, workflows evolve. HIPAA compliance is an ongoing operational discipline, not a certification you achieve once and file away; the Security Rule itself requires periodic technical and nontechnical evaluation in response to environmental or operational changes that affect ePHI (45 CFR 164.308(a)(8)). The most common gaps I see are not in the original implementation. They are in the drift that happens when no one is actively maintaining the program: a new vendor onboarded without a business associate agreement, access that was never revoked for departed staff, a workflow change that moves PHI somewhere the last risk analysis never considered. A compliance posture that looked solid at last year's risk assessment may look quite different after a year of normal organizational change.


This is the kind of problem I help companies work through.

If an auditor, customer, or investor is asking about security and you are not sure you are ready, that is the conversation.

I work as a fractional CIO or CTO for companies that need senior technology leadership without a full-time hire.
