We definitely feel Clearwater will be instrumental in helping us avoid future fines by remaining compliant with privacy and HIPAA regulations. Clearwater’s software is also providing us with a framework for managing our risk across other business lines like administration, safety and compliance – even finance!
Anchorage Community Mental Health Services, Inc. (ACMHS) has been the largest community mental health provider in the state of Alaska since 1974. ACMH’S mission is to promote recovery and wellness by providing consumer-driven behavioral health care services to the people of Anchorage and surrounding areas.
- An OCR investigation following a breach of unsecured electronic protected health information (ePHI) resulted in a corrective action plan and over $3 million in fines.
- Establishing a HIPAA information risk management program in response to the investigation included:
o Conducting an accurate and thorough assessment of the risks and vulnerabilities threatening the security of ePHI.
o Implementing mandated policies and procedures, as well as technical security measures to guard against unauthorized access to ePHI
- Utilized Clearwater’s IRM|AnalysisTM software to conduct a bona fide
HIPAA security risk analysis.
- Met the explicit requirement for a risk analysis within the Security
Management Process Standard [45 CFR 164.308(a)(1)] of the HIPAA
Security Final Rule.
- Generated reports from IRM|AnalysisTM for submission to the Health and
Human Office for Civil Rights to demonstrate evidence of a bona fide risk
- Completed a rigorous security self-assessment vis-à-vis HIPAA Security Rule, establishing a baseline / benchmark score and populating the software tool with a current-state Risk status that will enable ongoing risk management.
- Implemented required policies and procedures, and administrative and
technical security measures.
- Achieved a 100% score on OCR post-investigation audit.
- Reduced OCR fine from $3.3M to $150,000!
- Ongoing solutions from Clearwater will be essential in keeping the fine in
abeyance during the 2 year Compliance Agreement with OCR.