Background

How confident are you in your

Risk Analysis?

Data Network

68% of 2012 OCR Phase I Audits

FAILED

Risk Analysis

We are seeing this more and more:

"OCR has determined that the risk analysis submitted by your organization does not meet the requirement set forth at 45 CFR 164.308(a)(1)(ii)(A)."

Brown pencil with step pile of paperwork as background

OCR’s Phase II Audit Program focus is on

Risk Analysis

&

Risk Management

AAEAAQAAAAAAAAV3AAAAJDU4NmQ1OGU2LTlhNWYtNGM1ZS04OGUzLTM1YjI1MDNiODY5Yw

Get a complimentary, expert second opinion of your risk analysis!

Certainty is a click away. Let’s get started!

This offer is currently only available to qualified hospitals and health systems. Please submit your request and our team will be in touch to let you know if you qualify.

Request Your Review

Are you concerned that an audit or investigation might return this?

OCR has determined that the risk analysis submitted by your organization does not meet the requirement set forth at 45 CFR 164.308(a)(1)(ii)(A).  Please review OCR’s guidance on the Security Rule’s risk analysis / risk assessment requirement located at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalintro.html. For additional information, you may also wish to consult the National Institute of Standards and Technology’s SP 800-30 Rev. 1 “Guide for Conducting Risk Assessments,” located at http://csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf” 

Your Complimentary Review Includes:

This complimentary HIPAA Risk Analysis Methodology Assessment highlights and utilizes the nine essential elements of a bona fide risk analysis as provided in HHS / OCR Guidance on Risk Analysis Requirements under the HIPAA Security Rule.

Our independent review is based on the standards laid out in 45 CFR §164.308(A)(1)(ii)(A) in the HIPAA Security Rule and Guidance on Risk Analysis Requirements under the HIPAA Security Rule.

The review will result in a specific scorecard vis-a-vis this standard which OCR uses in its HIPAA Security Rule enforcement actions (e.g., investigations, audits, compliance reviews).  Specific recommendations in each of the nine areas will be provided.

This report will enable executives, managers,  attorneys and security professionals to reduce the legal, financial and regulatory risks that may result from failure to complete a proper risk analysis. It will identify the difference between a risk analysis, a compliance gap assessment and technical testing, provide examples from OCR investigations and settlements of what regulators expect to see in a risk analysis and risk management plan, and discuss the role of attorneys and client privilege with respect to the risk analysis process.  

Request a Review

Key Findings Include:

  • Assessment of whether current form will meet OCR audit, compliance review or investigation standards.
  • Identification of deficiencies found based on HIPAA Security Rule Implementation Specifications and OCR Audit Protocol.
  • Identification of deficiencies found against “9 essential elements” of risk analysis in HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”

Why Clearwater?

  1. We’ve performed 100s of risk analyses for 100s of organizations
  2. Our risk analyses have been vetted as part of OCR / OIG / CMS enforcement activities
  3. Our rigorous award-winning approach has the exclusive endorsement of the American Hospital Association
Request Your Review