American Health Law Association
Tools for Ensuring Appropriate Access to PHI: OCR’s Access Initiative, Enforcement Actions, and Other Considerations

Wes Morris, Managing Principal Consultant, Clearwater, speaks with Joy Easterwood, Johnson Pope Bokor Ruppel & Burns LLP, about the Office for Civil Rights (OCR)’s recently announced eighteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.

Ransomware: The Need for a Business Impact Analysis

Cathie Brown, VP Consulting Services, Clearwater discusses the value of doing a BIA before an attack occurs to improve your organizations decision making process during a crisis.

Listen at

American Health Law Association
Increasing Cyber Personal Liability for Directors and Officers

Bob Chaput, Founder and Executive Chairman, Clearwater, speaks to Leon Rodriguez, Partner, Seyfarth Shaw, about the C-Suite and Board-led transformation that is required to manage cybersecurity risks in health care.

HIMSS Tennessee Chapter
The Cyber Risk Relationship Between Providers and Their Associates
with Steve Cagle

In this episode of HIT Focus, brought to you by Tennessee HIMSS, Cagle talks with host Clark Buckner about the importance of developing a comprehensive risk management strategy, especially when working with new business associates or other third parties.

ASHRM Podcasts
Making Cyber Risk an Enterprise Risk Management Concern

Drawing on his nearly 40 years of experience supporting hundreds of hospitals and health systems with compliance risk management and cyber risk management initiatives, Bob Chaput discusses the important collaboration between the Chief Risk Officer and the Chief Information Security Officer in developing a more comprehensive enterprise cyber risk management strategy for securing healthcare data, system and devices that is part of the organization’s broader Enterprise Risk Management program.

American Health Law Association
HIPAA Compliance and Cybersecurity Concerns for Physician Practice Groups

Baxter Lee, CFO, Clearwater, speaks to Nesrin Tift, Partner, Bass Barry & Sims, about the compliance and cybersecurity environment that physician practice groups face.

American Health Law Association
Building a Strong HIPAA Compliance and Data Privacy Program for Business Associates

Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services, Clearwater, speaks with Kezia Cook Robinson, Compliance and Privacy Officer, Uber Health, about building a strong HIPAA compliance and data privacy program for health care entities and business associates. The speakers discuss how Uber technology addresses social determinants of health, such as transportation issues. They also talk about the cybersecurity and risk management standards that business associates face and best practices for designing effective compliance programs, covered entities’ expectations of vendors, and HHS Office for Civil Rights enforcement.

Healthcare's Enterprise Cyber Risk Management Imperative

Catherine Short converses with Bob Chaput, Founder and Executive Chairman of the Board of Clearwater, a provider of healthcare compliance and cyber risk management software and consulting services, on the topic of “Healthcare’s Enterprise Cyber Risk Management Imperative.” Healthcare organizations continue to see escalating numbers of cyberattacks. It is no longer a matter of if your organization will be targeted, but when. What is at stake? Everything.

American Health Law Association
Privacy and Security Risks of APIs

Jon Moore, Clearwater, and Iliana Peters, Polsinelli PC, talk about the importance of application programming interfaces (APIs) in connection with health care data. The podcast discusses the recently issued OCR final rule and how the rule impacts APIs. The speakers also discuss common vulnerabilities associated with APIs and give practical tips on steps an organization can take before implementing an API.

American Health Law Association
The Need for HIPAA Risk Analysis in M&A Due Diligence

Jon Moore, Clearwater, and Iliana Peters, Polsinelli PC, discuss cyber risk as part of the due diligence process.  Specifically, the podcast covers what steps an acquiring entity should take to limit its exposure to potential liabilities and reduce risk; ongoing management of risk and best practices; and risk analysis trends as a component of representations and warranties insurance.

American Health Law Association
HIPAA Privacy Proposed Rule - What Lawyers Need to Know

Wes Morris, Clearwater, and Kirk J. Nahra, WilmerHale, discuss the recently-issued Health Insurance Portability and Accountability Act (HIPAA) proposed rule. The podcast discusses key changes made by the proposal, including changes to the minimum necessary standard for care coordination and other information disclosure changes.

American Health Law Association
What Constitutes OCR-Quality Risk Analysis

Jon Moore, Clearwater, and Iliana Peters, Polsinelli PC, talk about what type of risk analysis the Department of Health and Human Services Office for Civil Rights (OCR) expects for compliance with the HIPAA Security Rule. The podcast discusses why it’s important to perform risk analysis at the information system level and the implications of not performing a comprehensive, enterprise-wide risk analysis. The speakers also make practical recommendations to help organizations evolve their approach to analyzing and responding to information security risk.


In this podcast, Bob Chaput talks about changes in his role and the organization of the company. He also speaks on the importance of organizations investing in cybersecurity, risk analysis, and cyber-driven medical malpractice.

Click here to listen