Clearwater Compliance is proud to be the sole source provider for risk analysis software for the U.S. Air Force. The Air Force Medical Facilities will be using our IRM|Analysis™ software to help them to complete a thorough risk assessment to not only ensure compliance with HIPAA regulations but also to monitor and respond to risks as part of a complete information risk management program.
The contract shows an increase in the Air Force Medical Operations Agency’s commitment to keeping our active military personnel and vetarans’ information safe and secure!
The IRM|Analysis™ SaaS application is used by hundreds of organizations today and automates a large part of the NIST Risk Management Process (Frame, Assess, Respond, Monitor).
We are honored to be playing a role in helping the Air Force to safeguard the information of thousands of airmen who receive treatment at one of the 63 military treatment facilities in the US.
About Our Software
IRM|Analysis™ provides an approach and methodology to help organizations conduct a complete Risk Analysis.
It strictly follows the HHS/OCR guidance given for Security Risk Analysis and harnesses the power of the NIST risk assessment processes, covering 4 key stages in effective risk management:
The Failures of Free Tools
Don’t fall into the trap of thinking that the “solution” that HHS/OCR put out is a comprehensive tool for completing a risk assessment: it’s not. The tool is a great first step in the right direction, but it is not a complete journey. It does not meet the stringent requirements of identifying, assessing, responding to and monitoring risks. In other words, it does not enable you to complete a thorough risk analysis.
The tool is attractive to many organizations due to it being free, but you get what you pay for, which in this case is not enough.
Isn’t the privacy and security of our veteran’s information worth more?
Integration of Clearwater software in my curriculum was an awesome success, as you will see from the student feedback. The ability to apply risk methodologies and use a high quality tool to drive lessons home is priceless. As always, I am honored to be working with you guys. Thank you for helping me educate the next generation of InfoSec professionals!
[Other] vendors… come in and assess/audit our facility, give recommendations and leave, and if we need them again we will need to pay another fee. Clearwater offered the same type of consulting but also offered … us the software tool and trained us on the application and uses of it. This way we may preform audits and assessments at any time.
We recommend Clearwater’s software tools and their NIST-based approach to information risk management to other healthcare organizations working to operationalize their programs.