We were impressed by Clearwater Compliance’s ability to provide us with the expertise to quickly and efficiently conduct a rigorous compliance assessment according to the HIPAA Security Rule policy requirement and successfully meet the deadline set forth by AHCCCS.
The University of Arizona Health Plans (UAHP) operates a variety of health plans and also manages Maricopa Health Plan and Maricopa Care Advantage for the Maricopa Integrated Health System. UAHP is a division of The University of Arizona Health Network (UAHN), a non-profit company. UAHP’s mission is ‘advancing health and wellness through education, research and patient care’.
As an Arizona Health Care Cost Containment System (AHCCCS) contractor, UAHP is required to engage an independent 3rd party firm to audit its compliance with the HIPAA Security Rule on an annual basis.
- To identify for immediate remediation any compliance issues to meet the Arizona Health Care Cost Containment System (AHCCCS) requirements
- To comply with the HIPAA Security Rule and conduct the assessment required in AHCCCS Security Rule Compliance Policy # 108
- To determine if reasonable and appropriate policies and procedures to safeguard electronic Protected Health Information (ePHI) in accordance with the HIPAA Security Rule (updated with the Omnibus Final Rule) have been documented and implemented
- Assessed organization’s compliance with HIPAA Security Rule & AHCCCS Standards
- Completed HIPAA Security Assessment & Reassessment
- Evaluated current safeguards
- Identified gaps and new safeguards to enhance and implement
- Updated program to meet Omnibus Final Rule
- Established executive compliance dashboards
- Successfully met the requirements of AHCCCS Policy #108 and HIPAA Security
Evaluation (45 CFR § 164.308(a)(8)) and UAHP timeline requirements
- Provided independent, objective 3rd party input and recommendations;Built a solid educational foundation for future compliance work with key stakeholders
- Completed a rigorous compliance assessment vis-à-vis HIPAA Security Rule, established a baseline/benchmark score and populated a softwaretool with current-state compliance status that has enabled ongoing compliance management