As with many majority metropolitan hospitals, our IT team had many competing priorities in our strategic plan. We didn’t really have the bandwidth or skill set to do the comprehensive Meaningful Use Risk Analysis without expert help. Clearwater provided us with experienced resources, efficient processes and software training to ensure that we got the most useful, actionable information, while meeting regulatory requirements. With the Clearwater software platform in place, we can now build out our information risk management program.
A multi-location complex system, this nationally recognized and award winning hospital provides primary and advance specialty healthcare services, research and family support.
- Timing to complete Meaningful Use requirements for a Risk Analysis was growing short
- With multiple locations, physical servers, virtual machines, and hundreds of end-user devices, the magnitude of the work to compete a comprehensive analysis of risks was daunting
- With multiple priorities facing the IT Security Team, resources and expertise to conduct the Risk Analysis were in high demand
- Established the overall risk analysis program approach with expert, highly credentialed security risk analysts
- Completed full life-cycle NIST-based risk analysis and risk response work according to HHS/OCR risk analysis guidance using Clearwater’s Information Risk Analysis software
- Completed knowledge transfer to the internal security team to complete ongoing risk management work and continue required annual assessments
- Met the Risk Analysis requirement in both the HIPAA Security Rule (45 CFR § 164.308(a)(1)(ii)(A)) and for EHR Incentive Program
- Trained internal team on the use of Clearwater’s IRM|Security™ software platform for ongoing remediation progress, implementation and maturing of its information risk management program
Products & Services Employed
Latest posts by Elaine Axum (see all)
- OCR getting tougher about information security - October 12, 2016
- A CIO, consultant and infosec vendor nail down cybersecurity best practice lists - October 10, 2016
- Tech Remedies for Regulatory Compliance - October 1, 2016