Information Risk Management Capability Advancement Model™ (IRMCAM™)
Clearwater Information Risk Management BootCamp™
Introducing Clearwater’s HIPAA Risk Analysis™ Software 3.0
Risky Business: How to Conduct a Bona Fide HIPAA Risk Analysis
Clearwater’s Remote HIPAA Security Risk Analysis™ for Small Businesses and Medical Practices
We Help Business Associates with HIPAA-HITECH Compliance


Outstanding material, presentation content & presenters.

– Geoff Boulter, Platform Security Office, Hewlett Packard

Best delivery and information on HIPAA compliance, security and risk management.

– Cornel Ruston, Managing Partner, CR Associates, LLC

This is a solid program with great education.  It lets you invest in a long term program.

– Steve Klimback, Director of IT, The Angeles Clinic

The BootCamp provided a great overview of HIPAA and help removed a lot of the confusion around HIPAA, HITECH and Omnibus Rules.  It helped break down the different components of the regulation that was easy to understand.

– Robert Norton, Healthcare Channel Manager, Symantec

We chose Clearwater because of they offered a complete end-to-end HIPAA Security Risk Analysis process that followed all the HHS/OCR guidance. Very professional people who provided specific recommendations we could act on immediately.

– Cheryl Burokas, Practice Manager, Auburn Podiatry LLP on Dec 30th 2012

We looked at several vendors to complete our Risk Analysis. Clearwater quickly emerged as our top choice because of their solid three-step process and deep HIPAA risk analysis experience. We learned a great deal about our exposures and received a solid plan of action. Very thorough and professional. Thanks to their work, we have successfully completed our Meaningful Use attestation and are currently working to correct our deficiencies.

– Elizabeth Blondefield, Practice Manager, Grady L. Jeter, MD on Feb 4th 2013:

[Bob Chaput is…] One of the best presenters I’ve ever seen (14 years of experience of going to and doing things like this) ……overall a well-constructed and well-presented program.  I’ve done this in the privacy-sector for 14 years and can tell a good presentation program when I see one.

– – Stephen Treglia, Absolute Software, Legal Counsel, Investigations and Recovery Services

Presentation was excellent! Speakers excellent!

– Karen Ryker, Chief Compliance Officer of RC Billing in Austin, TX

We choose Clearwater because they are a front runner in consulting and assisting with this area. And, they also have developed Risk Analysis software to help you meet the Meaningful Use criteria and qualify for incentives. They may be listed as a consulting group, but they will also train and adjust to whatever is needed based upon your in-house expertise. The other top vendors were mainly consultants, they will come in and assess/audit our facility, give recommendations and leave, and if we need them again we will need to pay another fee. Clearwater offered the same type of consulting but also offered to sell us the software tool and train us on the application and uses of it. This way we may preform audits and assessments at any time.

We felt that we had the expertise in-house to understand and conduct assessments and audits after being shown the demo of the software. This software and training is within the compliance listed by the statutorily obligated to comply with the law as a result of Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009.


– - Wayne Richmond, Data Security Officer, Princeton Community Hospital

I have enjoyed participating in several HIPAA/HITECH webinars hosted by Bob Chaput with Clearwater Compliance, LLC.

The Webinars have been extremely professional and very specific in regards to assisting organizations meet the various applicable HIPAA Privacy and Security regulatory compliance requirements. After each webinar, I have been extremely impressed that Bob has personally followed up with me to see if the webinar was helpful, met my needs, and if I had any follow up questions or suggestions. Bob is very professional, polite, very customer focused, takes pride in the work, expertise and reputation of his organization!


– Robin Redford, Enterprise HIPAA Application Auditor

The two principals of Clearwater Compliance, Bob and Mary Chaput, were both executive leaders at Healthways previously – Bob as EVP & CIO and Mary as EVP & CFO.  Core to their respective duties and responsibilities while at Healthways was risk management, including a significant emphasis on HIPAA security and privacy.  During the stretch of a decade with the company they led the design, development, implementation and management of the enterprise compliance program.  The approach, tools and processes developed for Healthways now serve as the basis of the platform for Clearwater Compliance.  Just to give you a sense of the magnitude of their work at Healthways, the compliance program protected the PHI for more than 40 million Americans annually.  In addition, the effectiveness of the program performance was tested readily each year through audits administered by our large customers, composed of government (e.g., CMS), national/regional health plans and Fortune 500 employers.  We have had no violations or investigations under this program.  Moving forward we intend to continue to stay abreast and compliant through the excellent HIPAA Privacy, Security and Breach Notification WorkShop™ offerings that Clearwater Compliance delivers.  Bob and Mary Chaput are people of high integrity, impeccable work ethic and are very passionate about the business they are leading and the value they are creating.  They will treat your risks and opportunities as if they were their own.    I hope my note does justice to begin to explain how fortunate you would be to do business with Clearwater Compliance.

– -- Ben Leedle, Jr. | CEO | Healthways, Inc. | (NASDAQ: HWAY)

Health Plan of San Joaquin began its relationship with Clearwater Compliance when we were randomly selected by OCR as one of the first in the nation covered entities to be audited.  Bob and his expert team made us feel like we were their priority in those stressful weeks before and during the audit.  That’s why we continue to place our confidence in Clearwater Compliance to assist with the testing of our systems and processes.

– Dawn Goodman, Privacy and Security Officer, Health Plan of San Joaquin

I am happy to positively endorse Clearwater Compliance. They have done an excellent job for us with their audit of our privacy, security and breach readiness to comply with HIPAA, HITECH and the new Omnibus changes which go into effect this next month.

Bob and Mary Chaput conducted our audit themselves and we had a very productive and informative two day audit session. We have also engaged them to do a security risk assessment, which is scheduled for the first quarter of 2014 (we wanted to put their preliminary audit recommendations into place before we ran this audit). They are very specific, very clear, very thorough and very knowledgeable. Their style is structured, but friendly and easy. We consider them friends now that we have spent so much time with them both in prep for our audit, in the actual audit and in follow up since the audit.

Their audit report was well written and provided us with many areas of improvement and recommendations to follow up on. We created our own internal Corrective Action Plan project team (consisting of compliance, IT and operations staff) to follow up on their recommendations. We believe we will be much more compliant/effective with privacy, security and breach regulations once we have implemented their recommendations.

We find their audit tool/software to be easy to use and intuitive. We are just now updating our status on a number of items to see our new “score” using their tool.

We also feel we are very conversant in the regs and expectations surrounding privacy, security and breaches. There are at least four other local health plans similar to ours in CA who have or are using Clearwater Compliance. They have all spoken highly of their experience with Clearwater Compliance.

Finally, let me note that their pricing seems very reasonable to us – both for the value we directly received and in comparison to fees we have/do pay other consultants who support our health plan.

– Eric Bergen, Sr. Director - Quality Improvement & Compliance, Alameda Alliance for Health

[BootCamp Score 10 out of 10 rated due to] Content and delivery.

– Joe Harford, Founder, Reclamere

[BootCamp] Information was presented in a practical manner. Very understandable.

– Howard Levine, EVP, SoftScript

It was an interesting and informational seminar. Everyone was down to earth and real–no big ego’s.

– Christina Talucci, Principal, CMT Consulting, LLC

[BootCamp] Wealth of information, great connections, material to refer back to.

– Kimberly Nash, IT Compliance Analyst, eGistics Inc.

Your team’s expertise helped ensure that we had great participation. I know HIPAA can be complex but your team really broke it down in a way that everyone could understand. We are getting ready to get underway with our cross functional compliance team and work plan, and will be on our way to a “straight A” HIPAA compliance program thanks to your software and to you, Mary, Jason and Wes.

– Ian Johansson, Associate Director of Regulatory Affairs Administration Department Partnership HealthPlan of California

[BootCamp] This was very helpful from the perspective of an IT auditor. The methods are the same, but the considerations around PHI were profound.

– Diane McClain, Operations Manager, Newberry Group

[BootCamp] Overall, the training was very valuable and provided a wealth of knowledgeable information to help key people improve their organization’s HIPAA compliance and privacy practices.

– Anitra Cole, Director of Human Resources, St.Joseph Institute for the Deaf