Clearwater HIPAA Privacy & Breach Notification Assessment

Copyright Notice
Copyright Notice. All materials contained within this document are
protected by United States copyright law and may not be
reproduced, distributed, transmitted, displayed, published, or
broadcast without the prior, express written permission of Clearwater
Compliance LLC. You may not alter or remove any copyright or
other notice from copies of this content.
For reprint permission and information, please direct your inquiry to
bob.chaput@clearwatercompliance.com
© Clearwater Compliance LLC | All Rights Reserved
Legal Disclaimer
Legal Disclaimer. This information does not constitute legal advice and is for
educational purposes only. This information is based on current federal law and
subject to change based on changes in federal law or subsequent interpretative
guidance. Since this information is based on federal law, it must be modified to
reflect state law where that state law is more stringent than the federal law or other
state law exceptions apply. This information is intended to be a general information
resource regarding the matters covered, and may not be tailored to your specific
circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND
ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR
OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational
reference in any of the following materials should not be assumed as an
endorsement by Clearwater Compliance LLC.
Clearwater HIPAA Privacy and Breach
Notification Assessment™
Guided Tour
(800)704-3394
sales@clearwatercompliance.com
Jon Stone, MPA, PMP
• 25+ years in Healthcare in the provider, payer
and healthcare quality improvement fields
• Innovator | Strategic Program Manager |
Consultant | Executive
• 15+ years of strategic leadership for
compliance and Healthcare information
technology projects involving the most
sensitive ePHI for companies such as CIGNA,
Healthways and Ingenix.
• PMP, MPA - Healthcare Policy and Administration
Passion: Implementing Privacy and Security by design; aiding others in achieving and maintaining compliance
615-210-9612
Jon.Stone@ClearwaterCompliance.com
Wes Morris, CHPS
• 25+ years in Healthcare
• 20 years in Clinical Care
• 10+ years specific experience in HIPAA Privacy and
Security
• Experienced Hospital Privacy and Security Officer,
Team Lead and Subject Matter Expert
• Certified in Healthcare Privacy and Security (CHPS)
• Examination Development Committee Member for
CHPS Exam
• Mentor HIM students and candidates
Wes.morris@clearwatercompliance.com
Lee Painter, CISSP, C|EH
• 15+ years in Information Assurance and Computer
Network Defense
• 15+ years training customers on the need to
understand and adopt best practices
• Experience as an Information Systems Security Officer
for the Department of Homeland Security
• Passionate Security Professional with a drive to provide
not just knowledge but understanding
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (C|EH)
lee.painter@clearwatercompliance.com
Objective
Learn how to use the Clearwater HIPAA Privacy Breach
Notification Assessment™ Software as a Service
Agenda
• Regulatory Background
• Features
• Software walkthrough
• Product Benefits
HIPAA Business Risk Management Life Cycle
[Diagram labels: Frame, Assess, Respond, Monitor; Governance, Risk Strategy, ePHI Discovery, Security Assessment, Risk Analysis, Privacy Assessment, Remediation, Risk Response, Workforce Training, Technical Testing, Auditing]
Three Pillars of HIPAA-HITECH Compliance…
Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~54 “dense” Implementation Specs
Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs
Breach Notification IFR
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs
[Diagram labels: HIPAA, HITECH, OMNIBUS FINAL RULE; Privacy, Security, Breach Notification]
What’s New?
• The # of Data Breaches is Up
• The Average Cost of a Data Breach is Up
• The # of Complaints to HHS is Up
• The # of Investigations by OCR is Up
• State Privacy Laws are tightening
• State AGs are flexing their muscles
• The Courts are beginning to “widen their view”
of data breach damages
• “Meaningful Use” Audits are underway
• False Claim Act Violations
• SEC requiring Disclosure
The Intersection of Privacy & Security
[Diagram labels: Choice, Notice, Access; Confidentiality, Integrity, Availability; Controls, Safeguards]
Why Do A Privacy
Assessment?
• OCR Preliminary Observations:
Weaknesses in Meeting Privacy Rule Requirements
• OCR Corrective Action Plans:
Strengthen Privacy Administrative Requirements
• “Wall of Shame” and Industry Surveys: More Breaches Result from
Insider Actions than Outsider Hackers
• Complaints to OCR: Highlight Privacy Concerns and Violations
Clearwater HIPAA Privacy &
Breach Notification Assessment™
Categories of Regulatory Requirements | # of Assessment Questions | # of OCR Audit Protocols
Administrative Requirements | 12 | 10
Permitted Uses and Disclosures | 23 | 24
Authorized Uses and Disclosures | 8 | 3
Minimum Necessary | 11 | 8
Notice of Privacy Practices | 8 | 7
Other Individual Rights | 10 | 16
Other Provisions | 10 | 7
Organizational Requirements | 3 | 3
Breach Notification | 9 | 10
Total | 94 | 88
Three Key Compliance Questions
1. Is it documented?
• Policies, Procedures and
Documentation
2. Are you doing it?
• Using, Applying, Practicing
and Enforcing
3. Is it Reasonable and
Appropriate?
• Comply with the implementation
specification
Features
Benefits of a Privacy
Assessment
1. Prepare for Mandatory Audits or Investigations
2. Build Solid Educational Foundation
3. Re-energize Overall Compliance Program
4. Establish a Baseline for Progress Monitoring
5. Understand Gaps in Compliance
6. Develop/Execute on a Thoughtful Remediation Plan
7. Receive an Independent, Objective 3rd Party Review
8. Reduce the Risk of a Costly Data Breach
Support
• Unlimited support during normal business hours
• Phone and email support
Training
• 60-90 minutes of live web based training
• Extensive free self-service training
User Provisioning
• Easy self service capabilities to add unlimited numbers of users
• Add additional business entities and perform multiple concurrent assessments for an additional reasonable price
Ease of Access
• Available 7x24 from an internet connection
• No software download required
• Supports all common browsers
Business Continuity
• Customer data is backed up every 15 minutes
• Returned to operations in under two hours
Protection
• Strong firewalls
• All data sent or received uses TLS 1.1 encryption
• Passwords are stored using strong encryption
Need help with resources or expertise?
Clearwater Customer Community
• Where Clearwater customers go to get
additional value and benefits
Customer Council Meetings
• Complimentary educational content
• A place for customers to interact and learn from each other
Customer Forum
• A place for software customers to privately post questions and
chat with peers
Questions?
If you are interested in a
Free Trial please contact us;
(800) 704 - 3394
sales@clearwatercompliance.com
Get more info…
Register For Upcoming Live HIPAA-HITECH Webinars at:
http://clearwatercompliance.com/live-educational-webinars/
View pre-recorded Webinars like this one at:
http://clearwatercompliance.com/on-demand-webinars/