Tutorial on OCR-Quality Risk Analyses and Risk Management for CEs and BAs

February 21, 2019

11am – 12pm CT

Join us for this complimentary educational webinar and learn a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software.

Alex Masten

Director, Training and Solutions Architecture

There are plenty of ways to squander several million dollars, but none quite as frustrating as forking over hefty amounts to HHS’s Office for Civil Rights (OCR), funds that could be better used to improve patient care and treatment. In each of these recent cases, Texas health system ($2.20MM), St. Joseph’s Health ($2.1MM), and Advocate ($5.6MM), the organizations were found not to have completed a HIPAA Risk Analysis and Risk Management that truly meets OCR’s increasingly stringent ‘standard of care’.

It is clear that the majority of healthcare organizations struggle to fully comprehend the scope of an OCR-Quality Risk Analysis. Simply put, an accurate and complete HIPAA Risk Analysis must include all information assets in all lines of business in all facilities and in all locations. If that sounds like a lot, it is. But when approached with a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software, it is achievable.

Attend this live web event and learn a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software. Clearwater is the best in the world at conducting OCR-Quality™ risk analyses and risk management and has earned numerous awards and recognition, including the Best In KLAS 2018. While OCR cannot endorse commercial organizations, Clearwater is a well-known and proven risk management partner in the eyes of OCR. Their tacit endorsement is evidenced in recent web and live speaking events with current and former members of the Office for Civil Rights.

Learning Outcomes

If you receive, create, maintain or transmit ePHI or any sensitive information for which you cannot afford loss or harm, you should attend this session.

  • Explaining the difference between compliance and security
  • Citing the specific regulatory requirements for risk assessment
  • Defining fundamental risk terminology
  • Explaining why risk assessment is a core foundational step for any information security program
  • Describing the fundamentals of Information Risk Assessment
  • Describing the fundamentals of Information Risk Management


This 60-minute webinar has been designed to help covered entities and business associates understand and act on the specific Risk Analysis requirements included in:

  • the HIPAA Risk Analysis implementation specification language at 45 CFR §164.308(a)(1)(ii)(A) of the HIPAA Security Rule;
  • the methodology outlined in the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”;
  • the underlying NIST Special Publications for performing a risk assessment and, specifically, NIST SP 800-30 “Guide for Conducting Risk Assessments”;
  • the documentation found in OCR investigation letters and “OCR Resolution Agreements / Corrective Action Plans”;
  • the “OCR Audit Protocol – Updated April 2016” specific to Risk Analysis and Risk Management;
  • our work with numerous organizations subjected to OCR enforcement actions that included reviews of organizations’ risk analyses.
