© Clearwater Compliance LLC | All Rights Reserved Copyright Notice Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. For reprint permission and information, please direct your inquiry to [email protected]

Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.

Clearwater HIPAA Privacy and Breach Notification Assessment™

Guided Tour

(800)[email protected]

Passion: Implementing Privacy and Security by design; aiding others in achieving and maintaining compliance

Jon Stone, MPA, PMP

• 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields

• Innovator | Strategic Program Manager | Consultant | Executive

• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix.

• PMP, MPA - Healthcare Policy and Administration

Jon Stone, MPA, PMP

615-210-9612

[email protected]

Wes Morris, CHPS

• 25+ years in Healthcare
• 20 years in Clinical Care
• 10+ years specific experience in HIPAA Privacy and Security
• Experienced Hospital Privacy and Security Officer, Team Lead and Subject Matter Expert
• Certified in Healthcare Privacy and Security (CHPS)
• Examination Development Committee Member for CHPS Exam
• Mentor HIM students and candidates

Wes Morris, CHPS

[email protected]

Lee Painter, CISSP, C|EH

• 15+ years in Information Assurance and Computer Network Defense

• 15+ years training customers on the need to understand and adopt best practices

• Experience as an Information Systems Security Officer for the Department of Homeland Security

• Passionate Security Professional with a drive to provide not just knowledge but understanding

• Certified Information Systems Security Professional (CISSP)

• Certified Ethical Hacker (C|EH)

Lee Painter, CISSP, C│[email protected]

Objective

Learn how to use the Clearwater HIPAA Privacy Breach Notification Assessment™ Software as a Service

Agenda

• Regulatory Background
• Features
• Software walkthrough
• Product Benefits

[Figure: HIPAA Business Risk Management Life Cycle. Phases: Frame, Assess, Respond, Monitor. Activities shown: Privacy Assessment, Security Assessment, Risk Analysis, ePHI Discovery, Risk Response, Remediation, Risk Strategy, Governance, Auditing, Technical Testing, Workforce Training.]

Three Pillars of HIPAA-HITECH Compliance…

Breach Notification IFR
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs

Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~54 “dense” Implementation Specs

Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs

[Figure labels: Privacy, Security, Breach Notification; HIPAA, HITECH, OMNIBUS FINAL RULE]

What’s New?

• The # of Data Breaches are Up
• The Average Cost of a Data Breach is Up
• The # of Complaints to HHS is Up
• The # of Investigations by OCR is Up
• State Privacy Laws are tightening

• State AGs are flexing their muscles
• The Courts are beginning to “widen their view” of data breach damages
• “Meaningful Use” Audits are underway
• False Claim Act Violations
• SEC requiring Disclosure

The Intersection of Privacy & Security

[Figure: overlapping Privacy and Security areas. Labels: Privacy (Choice, Notice, Access); Controls, Safeguards; Security (Confidentiality, Integrity, Availability).]

Why Do A Privacy Assessment?

• OCR Preliminary Observations: Weaknesses in Meeting Privacy Rule Requirements

• OCR Corrective Action Plans: Strengthen Privacy Administrative Requirements

• “Wall of Shame” and Industry Surveys: More Breaches Result from Insider Actions than Outsider Hackers

• Complaints to OCR: Highlight Privacy Concerns and Violations

Categories of Regulatory Requirements

| Category | # of Assessment Questions | # of OCR Audit Protocols |
|---|---|---|
| Administrative Requirements | 12 | 10 |
| Permitted Uses and Disclosures | 23 | 24 |
| Authorized Uses and Disclosures | 8 | 3 |
| Minimum Necessary | 11 | 8 |
| Notice of Privacy Practices | 8 | 7 |
| Other Individual Rights | 10 | 16 |
| Other Provisions | 10 | 7 |
| Organizational Requirements | 3 | 3 |
| Breach Notification | 9 | 10 |
| Total | 94 | 88 |

Clearwater HIPAA Privacy & Breach Notification Assessment™

Three Key Compliance Questions

1. Is it documented?
• Policies, Procedures and Documentation

2. Are you doing it?
• Using, Applying, Practicing and Enforcing

3. Is it Reasonable and Appropriate?
• Comply with the implementation specification

Features

Benefits of a Privacy Assessment

1. Prepare for Mandatory Audits or Investigations
2. Build Solid Educational Foundation
3. Re-energize Overall Compliance Program
4. Establish a Baseline for Progress Monitoring
5. Understand Gaps in Compliance
6. Develop/Execute on a Thoughtful Remediation Plan
7. Receive an Independent, Objective 3rd Party Review
8. Reduce the Risk of a Costly Data Breach

Support
• Unlimited support during normal business hours
• Phone and email support

Training
• 60-90 minutes of live web based training
• Extensive free self-service training

User Provisioning
• Easy self service capabilities to add unlimited numbers of users
• Add additional business entities and perform multiple concurrent assessments for an additional reasonable price

Ease of Access
• Available 7x24 from an internet connection
• No software download required
• Supports all common browsers

Business Continuity
• Customer data is backed up every 15 minutes
• Returned to operations in under two hours

Protection
• Strong firewalls
• All data sent or received uses TLS 1.1 encryption
• Passwords are stored using strong encryption

Need help with resources or expertise?

Clearwater Customer Community
• Where Clearwater customers go to get additional value and benefits

Customer Council Meetings
• Complimentary educational content
• A place for customers to interact and learn from each other

Customer Forum
• A place for software customers to privately post questions and chat with peers

Questions?

If you are interested in a Free Trial, please contact us:

(800) 704 - [email protected]

Register For Upcoming Live HIPAA-HITECH Webinars at:

http://clearwatercompliance.com/live-educational-webinars/

Get more info…

View pre-recorded Webinars like this one at:

http://clearwatercompliance.com/on-demand-webinars/