As a non-profit working with an underserved population, we needed to find expert resources to respond quickly and effectively to the data requests and questions from OCR following the theft of a server. With Clearwater’s help, our response was timely, accurate and compelling. Bottom Line: No fines were assessed.
Incorporated in 1991, SHIELDS for Families is a community-based, non-profit 501(c)(3) organization serving families residing in South Los Angeles. SHIELDS currently employs over 380 full-time employees with an annual budget of over $28 million to serve 10,000 families annually in 39 programs. The organization self-reported a breach to OCR and six months later received an information request list.
- To respond to a detailed information request list from OCR regarding a breach
- To establish and declare the organization as a hybrid entity
- To identify any other security or compliance gaps that exist and prioritize a remediation plan
- Developed content and organized information to reply to OCR’s requests through research and interviews
- Completed HIPAA risk analysis using Clearwater’s IRM|Analysis™ software
- Crosswalked policies and procedures to the HIPAA regulations and provided recommendations and templates to strengthen them
- Examined organizational structure and programs to define hybrid and HIPAA/non-HIPAA components
- No fines, penalties or corrective action plans were assessed by OCR for the breach
- Met the Security Rule requirement to conduct a comprehensive risk analysis and strengthened SHIELDS’ security program
- Established the organization as a hybrid and identified the HIPAA Healthcare Components
- Strengthened SHIELDS’ compliance program through updated policies and procedures, including incident response