Clearwater HIPAA Security Assessment™ Guided Tour

Jon Stone, MPA, PMP
615-210-9612
[email protected]
Clearwater Compliance LLC

© 2010-11 Clearwater Compliance LLC | All Rights Reserved

Clearwater HIPAA Security Assessment™… · Results you can count on: Completes a key requirement of the HIPAA Security Rule Find gaps in your program and know what to remediate



• 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields

• Innovator | Strategic Program Manager | Consultant | Executive

• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix.

• PMP, MPA - Healthcare Policy and Administration

Jon Stone, MPA, PMP



• Regulatory background

• Product features

• Software walkthrough

• Product benefits

Session Objectives


Three Pillars of HIPAA-HITECH Compliance…

Privacy | Security | Breach Notification | …

HITECH

HIPAA

Breach Notification IFR
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs

Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~54 “dense” Implementation Specs

Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs

OMNIBUS FINAL RULE


What do the regulations require?

45 C.F.R. §164.308(a)(1)(i) Standard: Security Management Process

(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.

(ii) Implementation specifications:

(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information…

45 C.F.R. §164.308(a)(8)

Standard: Evaluation. Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes…


Three Dimensions of HIPAA Security Business Risk Management

1. Compliance: 45 CFR 164.308(a)(8) Security Evaluation

• Complete a Security Assessment to Determine Compliance

2. Security: 45 CFR 164.308(a)(1)(ii)(A) Risk Analysis

• Complete a Risk Analysis to Protect Sensitive Info

3. Test & Audit: 45 CFR 164.308(a)(8) & OCR Audit Protocol

• Perform Network and Penetration Testing for a full Risk Program


Why do a Security Assessment?

• Meet 45 CFR 164.308(a)(8) - Evaluation

• Be prepared in the event of a breach or complaint-driven investigation

• Build a solid educational foundation

• Jump-Start Overall Security Compliance Program

• Demonstrate Good Faith Effort


Three Key Compliance Questions

1. Is it documented?

• Policies, Procedures and Documentation

2. Are you doing it?

• Using, Applying, Practicing and Enforcing

3. Is it Reasonable and Appropriate?

• Comply with the implementation specification


Software as a Service Demo


Sample System Notice


Results you can count on:

• Completes a key requirement of the HIPAA Security Rule

• Find gaps in your program and know what to remediate first

• Stay compliant through ongoing guidance and support

• Resolve risk exposures and protect ePHI

• Store compliance documentation in one place using our cloud-based software

• Reduce complexity and guesswork


| Area | Feature |
|---|---|
| Support | Unlimited support during normal business hours |
| Training | 60-90 minutes of live web based training |
| | Extensive free self-service training |
| User Provisioning | Easy self service capabilities to add unlimited numbers of users |
| | Add additional business entities and perform multiple concurrent assessments for an additional reasonable price |

Software as a Service Advantages


| Area | Feature |
|---|---|
| Ease of Access | Available 7x24 from an internet connection |
| | No software download required |
| | Supports all common browsers |
| Business Continuity | Customer data is backed up every 15 minutes. |
| | Returned to operations in under two hours |
| Protection | Strong firewalls |
| | All data sent or received uses TLS 1.1 encryption |
| | Passwords are stored using strong encryption |

Software as a Service Advantages


Need help with resources or expertise?


Questions?


If you are interested in a free trial, please contact us:

(800) 704 - 3394

[email protected]


Register For Upcoming Live HIPAA-HITECH Webinars at:

http://clearwatercompliance.com/live-educational-webinars/

Get more info…

View pre-recorded Webinars like this one at:

http://clearwatercompliance.com/on-demand-webinars/