CLEARWATER KNOWLEDGE CENTER
Blog
HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”?
This entry is part 50 of 13 in the series HIPAA Security Risk Analysis TipsHIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? Short Answer: YES! As long ago as June of 2005, the Department of Health and Human Services (HHS) began publishing a...
HIPAA Risk Analysis Tip – May 3rd Webinar with Leon Rodriguez – What OCR Expects in Your HIPAA Risk Analysis
This entry is part 49 of 13 in the series HIPAA Security Risk Analysis TipsHIPAA Risk Analysis Tip – May 3rd Webinar with Leon Rodriguez – What OCR Expects in Your HIPAA Risk Analysis Join former OCR Director Leon Rodriguez (9/2011-7/2014), now a Partner at Seyfarth Shaw LLP and Bob Chaput, CEO, Clearwater Compliance, on May...
IF YOU HAVE TO DISCLOSE, LOOK YOUR BEST
Reporting risk factors started in earnest in 2005 when the SEC introduced a new section in annual 10-K reports for organizations to discuss the “most significant factors that make the company speculative or risky.” Specifically, publicly traded companies were required to include qualitative disclosures of risk factors and to update that information quarterly with changes....
OCR is using audits to find risks and vulnerabilities that might not otherwise be known.
Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected are slim, (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities not...
Hybrids Beware! You are on OCR’s Radar.
OCR just announced a settlement agreement with the University of Massachusetts-Amherst for a breach of records at its Center for Language, Speech, and Hearing, which was not designated as a covered health care component in its hybridization. UMass is the third hybrid entity in the 43 enforcement actions listed on the HHS website that has...
Problems with Paper: Medical Record Mistakes Put Patients at Risk
From cell phone hacks to bank account scams, cybersecurity has become a priority for most people looking to protect their personal information.
Cybersecurity Frameworks and Cyber Resilience Models: EO 16363, DHS, NIST, C³VP, CRR, RMM, CSF Connecting The Dots
In order to fully understand the implications of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), it is necessary to examine the government directives that precipitated the CSF and how it relates to them.
20 Due Diligence Questions about the HITRUST Certification
This entry is part 1 of 1 in the series CEO-to-CEO20 Due Diligence Questions about the HITRUST Certification A thought to start this article: the single biggest decision your organization will make regarding cyber and information risk management is…how your organization will conduct cyber and information risk management …
Clearwater Compliance Retains 11th Position on 2016 List of the Most Innovative Cybersecurity Companies in the World
Clearwater Compliance, LLC is proud that it has once again been included in Cybersecurity Venture’s List of Cybersecurity 500 innovative companies for the second year in a row. The company retains the number 11 spot in this second edition of the Cybersecurity 500, which is a directory of the “hottest and most innovative” cybersecurity companies...
What is the difference between consent and authorization under the Privacy Rule?
In one of our most popular blog posts, we take a look at consent vs authorization, as they are defined under specific HIPAA regulations. What is Consent? (According to HIPAA) A consent as defined by the Privacy Rule is a general document that gives health care providers, which have a direct treatment relationship with a patient, permission...
