Without Clearwater’s guidance and support, we would never have received
the accolades from the OCR investigator for our compliance program that we did.
David Andrews, Chief Compliance Officer
Download PDF

Project Overview

Hospice Compassus (HC), founded in 1979, is dedicated to compassionate care, clinical excellence, and providing comfort and support to patients with life-limiting illnesses and their family members. HC now has over 50 community-based hospice centers in 15 states and is a leader in palliative care. HC promotes regulatory compliance and information security.

  • Rapid growth through acquisition
  • High turnover of clinicians in stressful occupation
  • Wide use of mobile devices by traveling clinicians
  • Need for Privacy, Security & Breach Rule help
  • Data Breach triggered OCR Investigation
  • Assessed compliance status with Clearwater’s IRM|Security™ and IRM|Privacy™ software
  • Utilizing Clearwater’s IRM|Analysis™ software, identified and assessedrisks to HC’s assets maintaining or transmitting ePHI
  • Completed a rigorous compliance assessment as required by the HIPAA Security Rule regulation for a Security Evaluation (45 C.F.R. § 164.308(a)(8))
  • Established baseline of compliance in HIPAA program; prioritized and implemented remediation plan
  • Completed a bona fide risk analysis as required by the HIPAA Security Rule (45 C.F.R. § 164.308(a)(1)(ii)(A))
  • Identified high-risk information exposures and prioritized mitigation activities to reduce those exposures
  • Strengthened formal information risk management program
  • Produced evidence of compliance with HIPAA-HITECH
  • Passed OCR Investigation: no fines, no penalties

Products & Services Employed

Contact Us

Interested in how the solutions featured in this case study could help your organization?

Contact our expert team today to arrange a brief discovery call
Contact Us