Managed Compliance Services

Clearwater Compliance LLC
May 2014

Bob Chaput, MA, CISSP, HCISPP, CIPP/US
CEO & Founder, Clearwater Compliance LLC
615-656-4299 or 800-704-3394
[email protected]

© Clearwater Compliance LLC | All Rights Reserved


HIPAA-HITECH Credentials

• Since 2010
• ~350 Customers; across US
• Compliance Gap Assessments | Risk Analyses | Technical Testing | Policies & Procedures | Training | Remediation | Executive Coaching | BootCamps | Business Associate Management
• ~20 Audits & Investigations currently
• Raving Fan customers!

Helping YOU Become and Remain Compliant


What Makes The Leader

1. Our industry-leading web-based software operationalizes your program (no DOA PDF reports)

2. We only work with clients who insist on becoming and remaining compliant (no box checkers)

3. We’re healthcare executives helping other healthcare executives (we left the kids on the bus)

4. We religiously follow the Regs / Rules and industry-recognized Standards (we don’t make CSF-stuff up)

Managed Compliance Services

Fishing Expedition

• Engage Virtual Compliance Officer
• Access Complete Team of Experts
• Design & Operationalize Compliance Program
• Address All Three Regulatory “Pillars”
• Adopt Continuous Process Improvement Approach
• Receive Ongoing Maintenance, Updates & Support
• Obtain Full Support in Breaches or OCR Audits / Investigations

Managed Compliance Services

• Systematic, Sustainable Programmatic Approach…

• Under Clearwater Leadership and Guidance…

Ongoing Support and Guidance Start Year 1 Year 2

• Re-Inventory PHI & ePHI • Re-Inventory BAs • Re-Assessments • Remediation Plans • Policies & Procedures Review • Business Associate Management • Training Update

• Oversight • Inventory PHI & ePHI • Inventory BAs • Assessments • Remediation Plans • Policies & Procedures • Business Associate Management • Training

• Re-Inventory PHI & ePHI • Re-Inventory BAs • Re-Assessments • Remediation Plans • Policies & Procedures Review • Business Associate Management • Training Update

Comprehensive in Scope

… all regulations … all dimensions

The Results

Tangible, Discernible Work Products … and Compliance Risk Management Process / Council

PHI and ePHI Asset Inventories

Ongoing Key Assessments & Risk Analyses

Practical, Executable Corrective Action Plans

Policies and Procedures

Trained and Aware Workforce

Ongoing Program Monitoring

Support for Audits and Reviews

Strategic Management of Compliance

Proactive, Customer-focused Approach

Vibrant, Comprehensive Program

The Value Created

Tailored to Your Unique Business Requirements…

Senior Compliance Expert assigned as your Virtual Compliance Officer

Deeply experienced multi-disciplinary team

Guidance and advice at every step

Access to and use of proven processes, software, tools and templates

Holistic, comprehensive programmatic approach

Clearwater Certificate of Completion™

Audit support and advice

High quality, managed costs and delivered at your pace

Compliance | Readiness | Peace of Mind

The Pricing

Tailored To Your Desired Investment & Timing

Accommodates Complete Outsource or Staff Augmentation

[1] Includes all Clearwater Software, Tools & Templates, Workforce Training and Secure Data / PM Room
[2] Out-of-Scope, additional work is billed at this fee
[3] Fees reflect discount off normal rates in exchange for 2-year commitment
[4] Companies with 50 or fewer workforce members

The Technology Included

All Clearwater Industry-Leading Software, Tools & Templates and Training is Included (partial list)

SOFTWARE COSTS (MSRP)

Clearwater HIPAA Security Assessment™: $3,950
Clearwater HIPAA Privacy and Breach Notification Assessment™: $3,950
Clearwater HIPAA Security Risk Analysis™: $4,950
Clearwater HIPAA-HITECH Strategic Alignment™ survey instrument: $1,000
Clearwater HIPAA-HITECH Culture of Compliance™ survey instrument: $1,000
Clearwater HIPAA-HITECH ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Covered Entity Omnibus ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Business Associate Omnibus ReadinessCheck™ survey instrument: $1,000
Clearwater HIPAA-HITECH Oversight Council Charter™: $300
Clearwater HIPAA Security SMB Policies & Procedures™: $995
Clearwater HIPAA Privacy SMB Policies & Procedures™: $995
Clearwater HIPAA Privacy Policies & Procedures™ - CE Edition: $1,495
Clearwater Breach Notification PnP ToolKit™: $395
Total: $22,030


Protect Revenues, Assets & Reputation

Empower Market-facing Staff with Competitive Advantage

Turn Compliance into Strategic Investment Program with Predictable Costs

Choose Clearwater Compliance

May We Prepare An Agreement for Us?

Contact

Bob Chaput, CISSP, HCISPP, CIPP/US
Clearwater Compliance LLC
http://www.ClearwaterCompliance.com
[email protected]
Phone: 800-704-3394 or 615-656-4299

Three Pillars of HIPAA-HITECH Compliance…

Privacy | Security | Breach Notification

HITECH | HIPAA

Breach Notification
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs

Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~ 54 “dense” Implementation Specs

Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs

OMNIBUS FINAL RULE

Clearwater Compliance Compass™

Balanced Compliance Program

Policy defines an organization’s values & expected behaviors; establishes “good faith” intent.

People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.

Procedures or processes (documented) provide the actions required to deliver on the organization’s values.

Safeguards include the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti-malware, intrusion detection, incident management tools, etc.)


Three Industry-Leading Web-Based Solutions

… to address all regulatory requirements

Guided Tours of Clearwater Web-Based Apps

• Guided Tour of the Clearwater HIPAA Security Assessment™ Software

• Guided Tour of the Clearwater HIPAA Privacy and Breach Notification Assessment™ Software

• Guided Tour of the Clearwater HIPAA Risk Analysis™ Software

Three Ways to Engage… to meet your budget and assurance requirements

[Figure axes: Investment, Assurance]

High Value - High Impact

Clearwater WorkShop™ Process

I. PREPARATION
A. Plan / Gather / Schedule
B. Read Ahead / Review Materials
C. Provide SaaS Subscription/Train
D. Administer Surveys

II. ONSITE DISCOVERY / ASSESSMENT
A. Facilitate & Discover
B. Educate & Equip
C. Evaluate & Advise
D. Gather & Populate SaaS

III. WRITTEN REPORT
A. Analyze Findings
B. Document Observations
C. Develop Recommendations
D. Present and Sign Off

Compliance Solution

• “Fishing Equipment”: Software Subscription Only
• “Fishing Lessons”: Software Subscription Plus Consulting Days
• “Fishing Charter”: Software Subscription Plus WorkShop™

Included in Solutions

Software Subscription Only
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.

Software Subscription Plus Consulting Days
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.
• Per Diem consulting professional consulting services to support the risk analysis process. Advice, guidance, review.

Software Subscription Plus WorkShop™
• 90-minutes training for as many staff as you wish
• Ongoing technical support
• HIPAA Security Risk Analysis™ - 2-year subscription, paid annually.
• Ongoing software updates.
• Ongoing Community engagement.
• Professional consulting services to complete the risk analysis process, end-to-end.
• Risk Analysis Report with Findings, Observations and Recommendations.
• Fully-populated HIPAA Security Risk Analysis™ software application.

[1] Does not Include Travel & Living Expenses
[2] Standard 2-year Agreement; 3-Year term Discount (10%) & Multi-Subscription Discount Available.
[3] Minimum 2-year Commitment

Investment Considerations [1]

Compliance Solution

• “Fishing Equipment”: Software Subscription Only
• “Fishing Lessons”: Software Subscription Plus Consulting Days
• “Fishing Charter”: Software Subscription Plus WorkShop™
• “Fishing Expedition”: Managed Compliance Services [4] – Includes All Software/Templates

HIPAA Security Risk Analysis™
• Software Subscription Only: $4,950 annual subscription [2]
• Software Subscription Plus Consulting Days: $4,950 per year Plus $2,000 per day
• Software Subscription Plus WorkShop™: $TBD [3], includes SaaS 1st Year Subscription Fee

HIPAA Security Assessment™
• Software Subscription Only: $3,950 annual subscription [2]
• Software Subscription Plus Consulting Days: $3,950 per year Plus $2,000 per day
• Software Subscription Plus WorkShop™: $21,500, includes SaaS 1st Year Subscription Fee

HIPAA Privacy and Breach Notification Assessment™
• Software Subscription Only: $3,950 annual subscription [2]
• Software Subscription Plus Consulting Days: $3,950 per year Plus $2,000 per day
• Software Subscription Plus WorkShop™: $21,500, includes SaaS 1st Year Subscription Fee

Managed Compliance Services [4]: Monthly Retainer & Annual Technology Fee
• Engage Virtual Compliance Officer
• Access Complete Team of Experts
• Design & Operationalize Compliance Program
• Address All Three Regulatory “Pillars”
• Adopt Continuous Process Improvement Approach
• Receive Ongoing Maintenance, Updates & Support
• Obtain Full Support in Breaches or OCR Audits / Investigations

[1] Does not Include Travel & Living Expenses
[2] Standard 2-year Agreement; 3-Year term Discount (10%) & Multi-Subscription Discount Available.
[3] In order to provide a complete Risk Analysis quotation, we need to complete an Information Asset Quick Inventory to properly scope the work. Please visit: http://clearwatercompliance.com/2013/06/risk-analysis-information-asset-quick-inventory-video/
[4] Minimum 2-year Commitment

Clearwater Compliance Team

Gary Ridner, Principal Consultant
MBA, CISSP, CISM, CHPS
• 25+ years in Information Systems in a broad range of industries, including healthcare, financial services, education, and manufacturing
• 10+ years specific experience in Information Systems Security
• Former positions include IT consulting, project management, and senior IT leadership roles (VP of Information Systems, VP of Technology, etc.)
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Public Accountant (Inactive)
• MBA from Vanderbilt University with a concentration in Management Information Systems

Greg Bassett, VP, Service Delivery
MS, PMP, CISSP
• 30 years IT experience across a wide range of disciplines and industries, including healthcare, banking & finance, oil & natural gas exploration, pharmaceutical research & development and federal government
• Global Information Security professional for a Fortune 100 company leading compliance with Information Asset Protection Policies across 40 locations worldwide and more than 20,000 staff personnel
• 15 years in healthcare information systems
• Master's degree in Technology Management
• Broad expertise in leading compliance with multiple regulations (HIPAA, SOX, GxP, PCI, SDLC)
• Multiple Professional Certifications (CISSP, PMP)

Mike Neal, Principal Consultant
HCISPP
• 15+ years in Information Technology and Security
• 10+ years in customer-facing consulting roles
• Experienced Project Manager
• Significant experience delivering healthcare security and compliance solutions to a diverse clientele
• Particularly skilled in identifying business needs and mapping them to strategic technology solutions

Wes Morris, Principal Consultant
CHPS, CIPM
• 15+ years in healthcare with specific experience in Mental Health
• 10+ years specific experience in HIPAA Privacy
• Hospital Privacy Officer experience
• Experience as Compliance Team Lead with oversight of 74 U.S. Air Force hospitals
• Certified in Healthcare Privacy and Security (CHPS), and sits on the AHIMA Examination Development Committee for the CHPS certification exam
• Skilled Trainer and Speaker, known for deep understanding of Privacy and Security

Lee Painter, Principal Consultant
CISSP, C|EH
• 15+ years in Information Assurance and Computer Network Defense
• 15+ years training customers on the need to understand and adopt best practices
• Experience as an Information Systems Security Officer for the Dept of Homeland Security
• Passionate Security Professional with a drive to provide not just knowledge but understanding
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (C|EH)

Chris Dansie, Principal Consultant
PhD, CISSP-ISSMP, CHP, MCSE
• Consultant-Clearwater Compliance LLC
• 17+ years in Information Technology
• Internet Entrepreneur | Technologies | Advisor
• Multiple software start-up companies
• 15+ years experience in architecting, developing, securing and operating SaaS and web applications
• Expertise and focus: emerging technology, information security, compliance, engineering, data mining

Jim Vincent, Principal Consultant
MHA, CHPS, CHC
• 25+ years of diversified experience in the health care industry, including delivery of clinical (nursing) care, management of human resources and personnel programs, and health care operations management
• 10 years experience implementing and managing enterprise-wide HIPAA privacy and security compliance programs, and assisting individual covered entities to achieve compliance through SME support and tailored compliance strategies
• Extensive experience investigating allegations of non-compliance/preparing written responses to HHS/OCR inquiries
• Extensive experience assessing, documenting, and responding to potential breaches of protected health information (PHI)
• Seasoned academic instructor and trainer

Bob Chaput, CEO & Founder
MA, CISSP, HCISPP, CIPP/US
• 30+ years in Business, Operations and Technology
• 20+ years in Healthcare
• Executive | Educator | Entrepreneur
• MA, BA - Mathematics
• Global Executive: GE, JNJ, HWAY
• Responsible for largest healthcare datasets in world
• Numerous Technical Certifications (MCSE, MCSA, etc.)
• Expertise and Focus: Healthcare, Financial Services, Retail, Legal
• Member: IAPP, ISC2, HIMSS, ISSA, HCCA, ACHE, AHIMA, NTC, ACP, SIM Chambers, Boards

Mary Chaput, Chief Financial and Compliance Officer
MBA, HCISPP, CIPP/US, CIPM
• 18 years in Health Care
• 13 years as CFO of a public company; 12+ years with GE
• Former EVP, CFO and Compliance Officer for Healthways, Inc.
• Former VP, CFO for ClinTrials Research, Inc.
• Business executive with over 25 years of domestic and international financial management and operational experience
• BA Mathematics, MBA, GE Financial Management Program
• Expertise and Focus: Healthcare, Due Diligence, Analytics, Legal
• Member: Healthways Foundation Board, Women Business Leaders

Jon Stone, VP Product Innovation
MPA, PMP
• 25+ years in Healthcare in the compliance, provider, payer and healthcare quality improvement fields
• Innovator | Strategic Program Manager | Consultant | Executive
• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving sensitive ePHI for companies such as CIGNA, Healthways and OPTUMInsight
• PMP, MPA - Healthcare Policy and Administration
• Business Passion: Driving business and technology solutions for improving healthcare operations and outcomes
• Play Passion: Cycling and Oil Painting

Kathy Ebbert, EVP & Chief Operating Officer
• 30+ Years Executive Leadership Roles in Service Delivery, Operations & Technology
• 13+ Years Healthcare Data Privacy & Security Oversight
• President & CEO at Achieve CCA, Inc.
• Former SVP Business Technology, Healthways
• Former EVP, Operations at Evolved Digital Solutions, Inc.
• Consistent track record of accelerating revenue and improving profits while leading B2B service organizations through critical transformational initiatives
• Steering Committee, Medical Identity Fraud Alliance
• Entrepreneurial, energetic and decisive leader
