Clearwater HIPAA Risk Analysis™
Performing a formal Risk Analysis is a foundational step in any bona fide security program. HIPAA mandates it for CEs and BAs. The Clearwater HIPAA Risk Analysis™ automates and simplifies your process and provides essential documentation.
Build your Risk Management program on a mature, methodical and proven software solution.
Worried about data breach? Make security a competitive advantage!
Struggling to find the software and methodology to power and document your risk analysis? Not sure you’re doing risk analysis by-the-book? Completing a formal Security Risk Analysis is required by the HIPAA Security Rule and must follow HHS/OCR guidelines. And, Stage 1 and Stage 2 Meaningful Use require completion of a HIPAA Security Risk Analysis. Moreover, too many privacy and security decisions are being made in a vacuum, without the benefit of a bona fide risk analysis to facilitate informed decision making. Where do you stand?
The Solution
The Clearwater HIPAA Risk Analysis™ software and its methodology demystify a complex process and arm you with an expert risk analysis engine. Based on the explicit HHS/OCR Guidance and underlying NIST security framework, our SaaS solution assists you in transforming risk analysis from arts and crafts into more science and engineering.
Why Do A Risk Analysis?
As the result of changes driven by The HITECH Act, Covered Entities and Business Associates (BAs) must now comply with all relevant aspects of the law. A foundational step in HIPAA-HITECH security compliance is completing a Risk Analysis. Enforcement of compliance has increased significantly and includes:
- Mandatory audits are coming
- Business Associates and their subcontractors are now fully statutorily obligated to comply with the law
- Non-compliance fines are returned to HHS and the Office for Civil Rights and reinvested in enforcement
- Stiffer penalties in the new Civil Monetary Payment System
- Jurisdiction provided to State Attorneys General to file civil actions on behalf of citizens
How the Clearwater HIPAA Security Risk Analysis™ Works
- Delivers mature methodology to your risk management efforts with the unique Clearwater Risk Algorithm™ for healthcare.
- Records, maintains and presents a complete repository of the information assets that create, store, access, or transmit ePHI and the associated threats, vulnerabilities, likelihood and risk rating
- Strictly follows HHS/OCR guidance and uses underlying NIST risk assessment processes
- Highlights security control deficiencies
- Permanently records and updates your current security risk profile
- Provides an important perpetual Information Asset Inventory and Risk Analysis repository
- Harnesses the power of the NIST risk management methodology
Do Risk Analysis the Required Way!
| Be Fully Compliant | Provides a “by-the-book” approach to meet HIPAA and Meaningful Use requirements |
|---|---|
| Remove the Guesswork | Transforms risk management from “arts & crafts” to a mature, repeatable and sustainable process |
| Rationalize Security Investments | Facilitates informed risk management decision making by enabling prioritization and justification of security investments |
| Demonstrate Improvement | Captures a baseline for your current security risk profile and measures progress in treating identified risks |
| Supports a Culture of Compliance | Becomes a “living, breathing tool” for ongoing HIPAA security risk management |
| Save Money | Empowers your organization to become self-sufficient in meeting the requirement for a periodic risk analysis as defined in the HIPAA Security Rule 45 CFR 164.308(a)(1)(ii)(A) |
Questions?
To purchase, or if you have questions about this product, please call us at (800) 704-3394; email us at info@clearwatercompliance.com or click to contact us.
8 reviews for Clearwater HIPAA Risk Analysis™
Rating by TJ Houske:
“As a former hospital CISO and current security practitioner, I’ve seen many approaches to meeting HIPAA risk analysis requirements. Finally, there’s a SaaS solution extremely tightly tied to HHS/OCR/NIST guidelines. Very robust and comprehensive in controls coverage, yet easy to use. Kudos to the Clearwater team!”
TJ Houske, CISSP, CCNA, CHPSE
Housekey LLC
Rating by Pete Niner:
With this tool, it’s easy to manage a large amount of disparate data, and focus in on the few things that truly matter. Clearwater has done a great job of simplifying a complex, detail-driven security analysis.
– Pete Niner, CISSP
Techumen
Rating by Kamal Govindaswamy:
In my opinion, any good risk analysis solution needs to be good in three areas. Clearwater’s solution does very well in all three areas, as explained below:
1. The design of the solution must be based on an established and acceptable standard methodology. Clearwater’s solution methodology is based on National Institute of Standards and Technology’s (NIST) 800-30 publication and the guidance from the US Department of Health & Human Services’ Office for Civil Rights (OCR). Any organization dealing with Protected Health Information (PHI) as defined by HIPAA is obligated to follow this methodology for Security Risk Analysis.
2. The solution must have a rich database of assessment questionnaire and controls so that all possible risks can be effectively identified and managed. Clearwater’s solution has a rich database of easy to follow questions and the user is asked to answer the questions based on the state of relevant controls drawn from NIST 800-53 publication.
3. The solution must have good reporting capabilities for tracking risk assessments as well as demonstrating compliance with audit and regulatory requirements. Clearwater’s solution does very well in this area by providing reports that can be exported to Excel for further analysis and reporting.
In the light of the above, I would strongly recommend Clearwater’s Risk Analysis solution for not only healthcare organizations but any organization that wants to manage its information security risks in an effective manner. I believe that the solution will be especially useful for healthcare organizations given Clearwater’s focus and thought leadership on healthcare security and privacy.
Kamal Govindaswamy, CISSP, CISA, CIPP, ABCP
RisknCompliance Consulting Group, LLC
Rating by Cheryl Burokas:
We chose Clearwater because they offered a complete end-to-end HIPAA Security Risk Analysis process that followed all the HHS/OCR guidance. Very professional people who provided specific recommendations we could act on immediately.
- Cheryl Burokas, Practice Manager
Auburn Podiatry LLP
Rating by Chip Harris:
I researched several security companies recommended by our EMR provider and found Clearwater was most comprehensive and cost-effective. We now have the confidence of knowing that we have met this key Meaningful Use requirement by-the-book. High integrity expert team.
- Chip Harris, Practice Administrator
Neurology Clinic, P.C.
Rating by Wayne Richmond, Princeton Community Hospital Data Security Officer:
We choose Clearwater because they are a front runner in consulting and assisting with this area. And, they also have developed Risk Analysis software to help you meet the Meaningful Use criteria and qualify for incentives. They may be listed as a consulting group, but they will also train and adjust to whatever is needed based upon your in-house expertise. The other top vendors were mainly consultants, they will come in and assess/audit our facility, give recommendations and leave, and if we need them again we will need to pay another fee. Clearwater offered the same type of consulting but also offered to sell us the software tool and train us on the application and uses of it. This way we may perform audits and assessments at any time.
We felt that we had the expertise in-house to understand and conduct assessments and audits after being shown the demo of the software. This software and training is within the compliance listed by the statutorily obligated to comply with the law as a result of Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009.
Rating by Jerry Kelly, Compliance Officer, Baptist Health Madisonville:
In the spring of 2012 we recognized the need for an in-depth assessment of our HIPAA-HITECH compliance and the Clearwater Compliance team was identified as the best fit for our needs. While the knowledge and professionalism of all of Clearwater’s team impressed us as we worked through their workshop processes to help us complete the HIPAA Security Assessment and the HIPAA Security Risk Analysis, we have also been very pleased with the “leave behinds” in the form of Clearwater’s software. We subscribed to two of their tools and have used them for our ongoing HIPAA Security compliance program and the ongoing maintenance of our security program. I highly recommend Clearwater Compliance to any company needing a HIPAA Security Assessment or HIPAA Security Risk Analysis.
Rating by Dawn Goodman, Privacy & Security Officer, Health Plan of San Joaquin:
Clearwater Compliance is a lifesaver! We received an audit notice before the protocols were published by OCR so we really had no idea what to expect. The expertise that Bob & his team brought to us – on literally a moment’s notice – was invaluable and helped us to prepare our management team. The Security Assessment and Risk Analysis software is thorough and clearly relates back to HIPAA in a way that gives each standard the definition that we all know is lacking in the actual regulations.