Beware of Freshly-Minted, Self-Proclaimed HIPAA Risk Analysis Companies!  There is still great focus on completing the foundational risk analysis required at 45 CFR §164.308(a)(1)(ii)(A).  Here’s today’s big TIP – Select Your Risk Analysis Solution and Provider Very Carefully.  Download our HIPAA Risk Analysis Buyer’s Guide Checklist.


HIPAA Risk Analysis Tip – HIPAA Risk Analysis Buyer’s Guide Checklist

We returned last week from the 2013 International Association of Privacy Professionals (IAPP) Global Privacy Summit in DC, where we were privileged to hear the very latest updates from Office for Civil Rights (OCR) officials: Director Leon Rodriguez, Deputy Director Sue McAndrew and leaders Linda Sanches and Verne Rinker. Their presentations focused on Omnibus Final Rule changes and the summary information from the 2012 OCR HIPAA Audit Program.

In both cases, as well as in discussions about the future of the HITECH-mandated audits of Covered Entities and Business Associates, the importance of completing a bona fide HIPAA Risk Analysis was underscored. The 2012 OCR HIPAA Audit findings included a determination that, where Covered Entities did have performance audit gaps (not all 115 did), the failure to have completed a risk analysis was pervasive:

  • 47 of 59 Providers audited failed to complete an authentic HIPAA Risk Analysis
  • 20 of 35 Payors audited failed to complete an authentic HIPAA Risk Analysis
  • 2 of 7 Clearinghouses failed to complete an authentic HIPAA Risk Analysis

As in their previous public speeches and interviews, the OCR officials once again emphasized the importance of completing this core Security Rule requirement and indicated the possibility of risk analyses becoming the area of focus for the next round of audits, this time including Business Associates as well as Covered Entities. That focus on HIPAA Risk Analysis is no surprise since, to date, every Settlement Agreement/Corrective Action Plan entered into by the OCR cites failure to do a real HIPAA risk analysis.

Download HIPAA Risk Analysis Buyer’s Guide Checklist

We are often asked, “How do I go about selecting a reputable firm to complete a bona fide HIPAA Security Risk Analysis?”  This HIPAA Risk Analysis Buyer’s Guide Checklist is an easy-to-use tool to assist you in comparing alternative solutions and making your selection.

Other Help Getting Started With Your Bona Fide HIPAA Risk Analysis

Over the years, we’ve helped hundreds of organizations complete their HIPAA Risk Analysis. Please benefit from our HIPAA Risk Analysis expertise by:

  1. Accessing our HIPAA Risk Analysis Resources area
  2. Downloading our HIPAA Risk Analysis Buyer’s Guide Checklist
  3. Attending our upcoming live webinar “How to Conduct a Bona Fide HIPAA Risk Analysis”
  4. Viewing a Guided Tour of the Clearwater HIPAA Risk Analysis™
  5. Calling us if you need immediate assistance at 800-704-3394
  6. Requesting a quotation for HIPAA Risk Analysis software or assistance


Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.


Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.