At Clearwater, we believe that having a successful Risk Management program is a journey, not a destination and can be completed in 4 basic stages.  The third stage of this life cycle is to Respond – meaning to establish additional controls and safeguards as well as remediating any compliance gaps and security risks found during the assessment stage.

It’s simply not enough to know you have risks and call it a day.  What are you gonna’ do about them??

That’s where Risk Response comes in!

User Community Icon

Customer Requested Features

You asked, we listened!

Here are some of the top improvements we have made based on popular customer suggestions:

[unordered_list style=”tick”]

  • Improved look and feel of floating notes – More modern style with ability to ‘drag’ around the screen for improved visibility.
  • Stronger Password Management – providing custom options and several new default password settings to ensure all credentials are strong and secure.

[box size=”large” style=”rounded” border=”full”]

 Featured Improvement – Risk Response

Our robust Risk Response tool kit is designed to help you manage your risks after the completion of a bona fide Risk Analysis.


Let’s take a look at some of the key features and benefits, following the Risk Response Workflow:
[unordered_list style=”bullet”]

  • Risk Threshold allows you to determine the level at which risk’s require treatment based on your organization’s risk response appetite
  • Addition of the Risk Response List gives you the functionality to manage the improvement of your security by providing overall progress and completion of all risks. This dynamic screen can be used as a To-Do list for risks that need to be addressed and has many custom view options.
  • Implementation of the Risk Treatment Form feature; this page enables the customer to assign a responsible party to a risk, select a type of Risk Treatment type and enter notes
  • Evaluate Alternatives assists in identifying a course of action that would aid in getting risk rating to a manageable level. Select Effectiveness, Estimated Costs, Feasibility, Action and add valuable Notes or Documents.  You can also create custom controls that are unique to your organization.  This information will give you what you need to calculate the Residual Risk Rating and Select a Risk Status.
  • Approve Alternatives – Respond to risks by approving actions to reduce them
  • Implementation Planning will allow you to plan the mitigation and transfer of risks once approved during the Evaluate Alternatives process. Add an Implementation Description, Plan for Monitoring Effectiveness and Implementation Due Date.
  • Risk Action Plan – Drive risk response activities to closure with this dynamic project planning capability. Assign an Implementation Manager, Identify Priorities, Upload Documents and send reminder notices.


View the Guided Tour!

 Additional Improvements to the Clearwater HIPAA Risk Analysis™ Software:

  • Improved Document Management List – Expand out each control name to view a quick version history of all documents uploaded during the Risk Analysis and Risk Response processes.
  • Upload important control documentation from the Risk Treatment, Evaluate Alternatives and Approve Alternatives screens during the Risk Response process
  • Create custom examples for the Risk Likelihood and Risk Impact Scales – This allows for more ranges instead of discreet values for the Risk Likelihood examples and provide more clarity for the Risk Impact examples.  Now customers can design examples specific to their needs and understanding, ensuring unified interpretation.
  • New and improved Clearwater Control DefinitionsWe created more vivid and descriptive explanations for all 112 Clearwater Controls, complete with real-world examples
Learn more about this software.

 Updates to Clearwater HIPAA Security Assessment™ Software:

  • Multiple improvements to the Remediation Plan, including, but not limited to the ability to do mass updates to Responsible Parties, Priority and Due Dates
  • The addition of more Notes capabilities; the addition of Notes counters to important reports and screens; and the ability to navigate to and edit Notes
  • Created a hyperlinked column titled ‘Requirement’ in the Document Management area which will take you to the assessment question for which you uploaded a file
  • Ability to decide when colleagues get notified of Tasks and To-Dos – Eliminated Automatic Emails
  • Nested Remediation To Dos within Tasks – With this major improvement, you can expand out an Implementation Specification/Question/Task item from the HIPAA Compliance Tasks screen and view existing To-Do’s, edit or delete existing To-Do’s and create new To-Do’s.  For each To-Do, you have the added capability to update the completion status, priority, responsible party, due date and completion date.
  • View, Edit, Delete or Add Task Notes from the HIPAA Compliance Tasks page – No more toggling between screens to get all of the information you need to manage your Remediation Plan.
  • Want to close the loop with remediation of Tasks and To-Do’s?  We added the ability to enter a Completion Date to the HIPAA Compliance Tasks and Task Completion To-Do’s screens and view the completion dates on reports so you can see exactly when an item was due to be corrected, and actually finished.
  • Ability to edit Task and Assessment Notes – Make the proper changes to an existing note without having to delete and re-enter data.
Learn more about this software.

 Register for a Guided Tour

See these new features and more as one of our product development experts walks you through a live demonstration of the powerful functionality of Clearwater Compliance’s suite of software.

Register Now

We are committed to continue to invest development resources to ensure our Customers have comprehensive and robust tools with which to perform  periodic  Risk Analysis and Security and against the HIPAA Rules. We use the extensive background and knowledge of our experienced team, along with our customer’s feedback to develop and create the most powerful, proven methodology in the market today for helping organizations successfully respond to regulatory requirements and information risk management best practices.


Jon Stone

VP of Product Innovation at Clearwater Compliance
Jon has a unique breadth of experience with a combined 25 years’ experience in healthcare, working in the provider, payer and healthcare quality improvement fields. For the last 15 years Jon has provided strategic leadership for compliance and healthcare technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix. He is Clearwater’s VP of Product Innovation, and helps provide HIPAA Security and Privacy SaaS (Software as a Service) for the healthcare industry.