This entry is part 8 of 9 in the series CEO-to-CEO

Change your compliance conversation

As the leader in your organization, you have many priorities to balance and decisions to make.  If you’re like most CEOs, you’re primarily worried about growth, great patient/member/resident/customer service, high quality solutions and, if you’re a direct line provider, the best possible healthcare outcomes.

In healthcare, risk management comes with the territory.  After all, “First, do no harm!”  There was a time when loss or harm, the outcome of bad risk management, was solely based on clinical processes and procedures.

Today, with the widespread adoption of information technology driven by The HITECH Act and the need to share more and more clinical information driven by the Patient Protection and Affordable Care Act, loss or harm is emerging out of information processes and procedures.  That is, the compromise of the confidentiality, integrity and/or availability of individually identifiable health information can result in reputational, financial and clinical harm to our patients, plan members, facility residents, employees and customers.  These losses can result in companies being placed at a competitive disadvantage.

CEOs – Lead by changing the conversation: It’s not about regulatory compliance

With all the priorities on your plate, you cannot personally become the Chief Information Risk Officer in your organization.  At the same time, you can provide the air cover people in your organization need by changing the conversation.  It’s not about compliance with the mesh of state and federal privacy and security regulations — that’s the easy part and a fairly low standard.

It’s about quality of care, patient safety and, in the end, the survival of your organization.  Treating this matter solely as an agenda item for the Chief Privacy Officer, the Chief Security Officer, the Chief Information Officer or some other poor recipient is wrong.  This matter is a business risk management issue and a patient/member/resident/employee/customer risk management issue that you must own.

Start owning it by changing the conversation within your organization: information risk management is about patient safety, quality of care and competitive advantage.  In changing the conversation, you’ll start changing the culture by letting your colleagues know that you get it.

We can assist you!

In our recently published white paper, we introduced the Clearwater Information Risk Management Capability Advancement Model™ (IRMCAM™) White Paper and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective information risk management program best suited to their unique needs.


Privacy, Security and Compliance Risk Management Resources Available to You

Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.

Please avail yourself of any of these free resources which you may access now by clicking on the links below:

Register for one of Clearwater’s complimentary webinars on information risk analysis and risk management basics and get to grips with these issues and more.


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.