In response to a changing healthcare landscape; a stark increase in the threats posed to maintaining the confidentiality, integrity, and availability of healthcare information; and a shift in focus by the Office for Civil Rights (OCR) and other regulatory bodies from compliance to risk management, Clearwater Compliance today is introducing a new capability advancement model to help organizations more comprehensively operationalize their information privacy, security, compliance and information risk management efforts.


In a detailed white paper, Clearwater has outlined an extensive, proprietary framework that guides organizations as they shape their information privacy, security and risk management programs. The Clearwater Information Risk Management Capability Advancement Model™ (IRMCAM™) describes six levels of risk management process maturity based on five key practice areas:

Governance, Awareness of Benefits and Value
Including processes and controls that ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-upon enterprise objectives.

People, Skills, Knowledge & Culture
Including board and senior level engagement, creating a risk-aware workforce and establishing risk management discipline across the organization.

Process, Documentation, Discipline & Repeatability
Including predictable, measurable, controlled and standards-based processes, protocols and procedures.

Use of Standards, Technology Tools/Scalability
Including automation of risk management workflows and key activities and controls monitoring.

Engagement, Delivery & Operations
Including embedding risk issues in decision making and using a consistent framework for continuously improving risk management programs and processes.

Clearwater also has unveiled the Clearwater Information Risk Management Capability Advancement Model Index™ (IRMCAMi), a web-based survey instrument that helps organizations better understand where they fall on the Clearwater Information Risk Management Capability Advancement Model™ and how their current program compares to industry best practices. Invitations to test this tool will be sent out at a later date. Use of this tool is free during our invitation-only BETA trial period.

“What healthcare lacks is basic understanding of and steps to risk management around IT,” said David Finn, health IT officer for security software firm Symantec. “The industry needs this.”

In combination, these complementary assets can help organizations better understand how to improve their readiness and maturity and where to focus their efforts in this increasingly important priority for business success.


Clearwater’s Information Risk Management Capability Advancement Model™ white paper can be accessed by filling out the form below:



“Healthcare is the next cyber security battleground, and we want to make sure our customers are prepared to win,” said Bob Chaput, CEO and founder of Clearwater Compliance. “When it comes to protecting their sensitive data, our customers are wrestling with new and emerging threats, enhanced obligations to protect sensitive information, intensifying scrutiny and increased enforcement from federal and state agencies. We are confident these new resources will help them respond to the challenges they are facing.”

Clearwater is a national leader in helping organizations take a comprehensive approach to information risk management by helping them meet state and federal regulatory requirements and establish, implement and mature their information risk management programs. By fortifying its capabilities around information risk management, Clearwater will help its customers ensure their awareness of the information assets used to create, receive, maintain or transmit all sensitive data across their organizations; the vulnerabilities of those assets; the various threat agents; and the controls they currently have in place to safeguard those information assets from exploitation of those vulnerabilities by those threats.

In addition to the capability advancement model framework and the risk management advancement tool, Clearwater has updated and enhanced its suite of products and services to better align with customers’ growing risk management needs, including:

Launch of Clearwater’s new Information Risk Management BootCamp™, which focuses on the most pressing issues facing organizations today in safeguarding sensitive information of all types, including Protected Health Information (PHI), personally identifiable information (PII), credit card data, company trade secrets, etc.

Significant updates to Clearwater’s proprietary compliance and risk management software suite to operationalize compliance and risk management plans within organizations.

Additional tools, protocols, processes and consulting workshops geared toward helping organizations shape their information privacy, security and risk management programs.

To reduce the likelihood and impact of the compromise of any sensitive information, Clearwater recommends that organizations establish a “culture of risk management” and maintain a balanced privacy, security and compliance business risk management program that includes reasonable and appropriate policies, procedures, people programs and safeguards/controls.

“If information privacy and security risks are not properly identified and managed, there can be significant ramifications, affecting the company’s brand, bottom line, and ultimately, shareholder value. And even more importantly, consumer trust can be lost,” said Chaput. “Our upgraded capabilities will provide our customers with additional assurance that they are effectively approaching their information risk management programs in a thoughtful and holistic manner.”

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.