CASE STUDY

The University of Arizona Health Plans

Project Overview

The University of Arizona Health Plans (UAHP) operates a variety of health plans and also manages Maricopa Health Plan and Maricopa Care Advantage for the Maricopa Integrated Health System. UAHP is a division of The University of Arizona Health Network (UAHN), a non-profit company. UAHP’s mission is ‘advancing health and wellness through education, research and patient care’.

As an Arizona Health Care Cost Containment System (AHCCCS) contractor, UAHP is required to engage an independent 3rd party firm to audit its compliance with the HIPAA Security Rule on an annual basis.

Challenges

To identify for immediate remediation any compliance issues to meet the Arizona Health Care Cost Containment System (AHCCCS) requirements
To comply with the HIPAA Security Rule and conduct the assessment required in AHCCCS Security Rule Compliance Policy # 108
To determine if reasonable and appropriate policies and procedures to safeguard electronic Protected Health Information (ePHI) in accordance with the HIPAA Security Rule (updated with the Omnibus Final Rule) have been documented and implemented

Solutions

Outcomes

Successfully met the requirements of AHCCCS Policy #108 and HIPAA Security Evaluation (45 CFR § 164.308(a)(8)) and UAHP timeline requirements
Provided independent, objective 3rd party input and recommendations; Built a solid educational foundation for future compliance work with key stakeholders
Completed a rigorous compliance assessment vis-à-vis HIPAA Security Rule, established a baseline/benchmark score and populated a software tool with current-state compliance status that has enabled ongoing compliance management

Download Case Study

The Clearwater Compliance website has been a critical source of information for my HIPAA compliance efforts over many years. The information format is easy to read and understand, and it gets to the point. Clearwater Compliance obviously cares about helping us keep out of trouble!

Tim Moser

Shawnee Township Fire Department

We choose Clearwater because they are a front runner in consulting and assisting with this area. And, they also have developed Risk Analysis software to help you meet the Meaningful Use criteria and qualify for incentives. They may be listed as a consulting group, but they will also train and adjust to whatever is needed based upon your in-house expertise.

Wayne Richmond

Princeton Community Hospital

Products & Services Employed

HIPAA Security Assessment WorkShop™

Clearwater’s HIPAA Security Assessment WorkShop™ combines our proprietary software solution with hands on training and support from a team of seasoned experts to set you up for success.

IRM|Security™

Clearwater’s HIPAA Security Assessment Software

Exclusive, first rate software tool for completing the periodic Security evaluation required by the HIPAA Security Rule: All 22 Standards, 50 Implementation Specifications and 77 Audit Protocols.

Clearwater Consulting Services

Receive high quality, credible assessments and action plans to address your gaps with Clearwater HIPAA consulting services.

Tim Moser

Shawnee Township Fire Department

Wayne Richmond

Princeton Community Hospital

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017, 2018, and 2019 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions.